A SAML Framework for Attribution, Delegation and Least Privilege

Abstract

Delegation, Attribution and Least Privilege are an implicit part of information sharing. In operating systems like Windows, there is no security enforcement for code running in kernel mode, and therefore such code always runs with maximum privileges. The principle of least privilege therefore demands the use of a user mode solution when given the choice between a kernel mode and a user mode solution, if the two solutions provide the same results. Discussions in this paper are restricted to OSI model layers five and above. This paper describes the SAML delegation framework in the context of a large enclave-based architecture currently being implemented by the US Air Force. Benefits of the framework include increased flexibility to handle a number of different delegation business scenarios, decreased complexity of the solution, and greater accountability, with only a modest amount of additional infrastructure required.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2010
Accession Number
AD1124177

Entities

People

  • Coimbatore S. Chandersekaran
  • William R. Simpson

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Cyber
  • Human Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Air Force
  • Air Force Personnel
  • Commerce
  • Community Of Practice
  • Computer Networks
  • Cybersecurity
  • Data Management
  • Department Of Defense
  • Electronic Mail
  • External Stores
  • Information Assurance
  • Information Exchange
  • Information Operations
  • Information Processing
  • Information Security
  • Information Systems
  • National Security
  • Operating Systems
  • Security
  • Standards
  • United States
  • Web Service

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Government and Public Administration Law
  • Parallel and Distributed Computing