Conference: International Conference on Telecommunication Systems: Modeling and Analysis

An architecture for propagating modifications to mobile policies

Abstract

The use of Mobile Policies offers an alternative to conventional access control mechanisms. Instead of having an operating system maintain, external to the object, the rules (policies) for determining who can access an object, Mobile Policies attach the policies directly to the object. In a distributed processing environment, such as a corporate LAN or the Internet, making the policies for accessing an object as mobile as the object allows for greater security and reduces overhead. Distributing the policies along with the object does introduce some problems. This paper focuses on the problem of how to update mobile policies for objects that have been released. Additionally, the question of how to enforce the policies must be addressed. It is not enough to have an object carry its access rules with it; there still needs to be an enforcement mechanism. In this paper, we introduce the concept of a network of "trusted" servers that enforce the policies. These trusted servers, called "Key Escrow Servers", enforce the mobile policy carried by the object and release decryption keys only if the requesting user is granted access to the object. (As part of the process of initially securing the object, it is encrypted.) The use of the Key Escrow Server offers two distinct advantages. First, the size of the trusted portion of the network is greatly reduced to just these servers. Second, because access to the object with the Mobile Policies requires validation by a Key Escrow Server, the Key Escrow Server can be used to update the Mobile Policies any time that access to the object is requested.