A new security policy for distributed resource management and access control

Abstract

The common security policies of access control and resource management are based upon a central managing authority, called the system administration, that is ultimately responsible for the management of a usage policy. This management is usually done with some combination of mandatory access control and discretionary access control methods, where each user is granted (or denied) privileges and resources depending on the usage policies enforced at that particular system. System administration includes the management of system resources, user accounts, and user privileges. This security policy is typified by an operating system such as UNIX, and it introduces several dificulties when working in a distributed computing environment. This paper addresses distributed resource management and access control. It proposes a new version of the “Distributed Compartment Model” (DChf), first developed by Greenwald in his 1994 doctoral dissertation. DCM consists of two major components: Handles, a method for role based access control, and Distributed Compartments, a method allowing users to manage resources within a distributed system across administrative domain boundaries. This new version of DCM discussed in this paper is a refinement of the original formal security policy model. This paper concentrates on the history and background of the problems motivating the creation of DCM, describes the informal security policy, proposes some ezample scenan’os as to how DCM could be used, and concludes with a discussion of the results of this research.