Security Engineering for High Assurance, Policy-Based Applications
Abstract
This report describes a research effort to define methods of analysis, components, and tools for handling information in an environment with complex trust and security relationships. The effort consists of two related tasks. The first task is to provide proper access control for data that is shared by multiple organizations in a networked environment. In particular, we describe an access control mechanism that factors security administration among different administrative entities. The access control language is object-oriented and facilitates the construction of default policies for newly created objects. The second task is to provide methods for describing and achieving the proper behavior of programs that may be executed in accessing shared data. In particular, we have designed three ways in which to express aspects of proper program behavior, developed program checking strategies for all three, and produced languages and checking tools for two of them. 1) PolyJ is a tool-supported extension to Java that provides improved compile-time assurance for the correctness of Java programs. 2) IFlow is a language and static checking strategy for describing and controlling information flow. 3) Naccio is a tool-supported code-transformation system for ensuring that executable mobile code adheres to user-defined security policies.
Document Details
- Document Type: Technical Report
- Publication Date: Jul 01, 2002
- Accession Number: ADA406368
Entities
People
- Andrew Myers
- David Evans
- David M. Rosenthal
- Francis Fung
- Stephen Garland