Access control in configurable systems

Abstract

In a configurable system, operating systems and applications are composed dynamically from executable modules. Since dyneimically downloaded modules may not be entirely trusted, the system must be able to restrict their access rights. Current systems assign permissions to modules based on their executor, provider, and/or name. Since such modules may serve specific purposes in programs (i.e., services or applications), it should be possible to restrict their access rights based on the program for which they are used and the current state of that program. In this paper, we examine the access control infrastructure required to support the composition of systems and applications from modules. Access control infrastructure consists primarily of two functions: access control policy specification and enforcement of that policy. We survey representations for access control policy specification and mechanisms for access control policy enforcement to show the flexibility they provide and their limits. We then show how the Lava Security Architecture is designed to support flexible policy specification and enforcement.