A User Friendly Guard with Mobile Post-Release Access Control Policy

  • Douglas E. Williams
  • Amgad Fayad
  • Sushil Jajodia
  • Daniel Calle
Conference paper
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 122)


Information security guards perform an important function in multilevel security (MLS) environments. To perform their functions correctly, guards must contain data release and sanitization rules that accurately reflect the reclassification or declassification requirements to move data across information security boundaries. The current guards, however, require considerable technical skill to express release and sanitization rules, which data producers typically do not possess. Another limitation of the current guards is that once the data passes through a guard, all access control requirements to that data is lost. In this paper, we propose a high-level language to express release and sanitization rules, as well as post-release access control rules. We also describe a prototype that demonstrates the applicability of our approach.


Access Control Data Producer Policy Rule Security Guard Access Control Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Claudio Bettini, Sushil Jajodia, X. Sean Wang, Duminda Wijesekera, “Obligation monitoring in policyGoogle Scholar
  2. management,“ Proc. 3rd International Workshop on Policies tor Distributed Systems and Networks (POLICY 2002). Monterey. CA, June 2002, To appear.Google Scholar
  3. 2.
    S. Chapin. S, Jajodia, and D. Faatz, “Distributed Policies for Data Management Making Policies Mobile;’ Proc. 14th IFIP 11.3 lVorkia,4 Conference on Database Security, Schoorl, Netherlands, August 2000.Google Scholar
  4. 3.
    DCID6/3, Available at: hap://–3_20Manuat.htm Google Scholar
  5. 4.
    V. Doshi, A. Fayad, 5, Jajodia, and R. Maclean, “Using Attribute Certificates and Mobile Policies in Electronic Commerce Applications; ’ Proc. 16111 Annual Computer Security Applications Cogl:, 2000, pages 298–307.Google Scholar
  6. 5.
    Joshua D. Guttman, John D. Ramsdell, and Vipin Swamp, “Felt: A Security Filter Compiler,” Revision 2, Technical Report,The MITRE Corporation, 1999.Google Scholar
  7. 6.
    Sushil Jajodia, Michiharu Kudo, V. S. Subrahnumian, —Provisional authorizations,“ in E-Conunerre Security and Privacy, Anup Ghost], ed„ Kluwer Academic Publishers, Boston, 2001, pages 133–159.Google Scholar
  8. 7.
    K. Smith. D. Faatz, A. Fayad, and S. Jajodia, “Propagating Modifications to Mobile Policies,” Pror. /7111 IFIP 11 international conference on Information Security. Cairo, Egypt, May 2002, To appear.Google Scholar
  9. 8.
    V. Swauup. “Automatic generation of high assurance security guard filters,” Proc. 17th National Computer Security Coglerenre, Baltimore, Md., October 1994.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Douglas E. Williams
    • 1
  • Amgad Fayad
    • 1
  • Sushil Jajodia
    • 1
  • Daniel Calle
    • 1
  1. 1.The MITRE CorporationMcLeanUSA

Personalised recommendations