zoukankan      html  css  js  c++  java
  • Flask architecture

    论文The Flask Security Architecture: System Support for Diverse Security Policies 介绍了Flask architecture

    以下节选自该论文


    Figure 1: The Flask architecture. Components which enforce security policy decisions are referred to as object managers. Components which provide security decisions to the object managers are referred to as security servers. The decision making subsystem may include other components such as administrative interfaces and policy databases, but the interfaces among these components are policy-dependent and are therefore not addressed by the architecture.

        The Flask security architecture [44], as shown in Figure1, describes the interactions between subsystems that enforce security policy decisions and a subsystem which makes those decisions, and the requirements on the components within each subsystem. The primary goal of the architecture is to provide for flexibility in the security policy by ensuring that these subsystems always have a consistent view of policy decisions regardless of how those decisions are made or how they may change over time. Secondary goals for the architecture include application transparency, defense-in-depth, ease of assurance,and minimal performance impact.
        The Flask security architecture provides three primary elements for object managers. First, the architecture provides interfaces for retrieving access, labeling and polyinstantiation decisions from a security server. Access decisions specify whether a particular permission is granted between two entities, typically between a subject and an object. Labeling decisions specify the security attributes to be assigned to an object. Polyinstantiation decisions specify which member of a polyinstantiated set of resources should be accessed for a particular request.Second, the architecture provides an access vector cache (AVC) module that allows the object manager to cache access decisions to minimize the performance overhead.Third, the architecture provides object managersthe ability to register to receive notifications of changes to the security policy.
        Object managers are responsible for defining a mechanism for assigning labels to their objects. A control policy, which specifies how security decisions are used to control the services provided by the object manager,must be defined and implemented by each object manager. This control policy addresses threats in the most general fashion by providing the security policy with control over all services provided by the object manager and by permitting these controls to be configurable based on threat. Each object manager must define handling routines which are called in response to policy changes. For all uses of polyinstantiation, each object manager must define the mechanism by which the proper instantiation of a resource is chosen.

  • 相关阅读:
    PHP版根据经纬度和半径计算出经纬度的范围
    使用GPS经纬度定位附近地点(某一点范围内查询)
    sql语句查询经纬度范围
    Android检测是否安装了指定应用
    Android 定时器实现的几种方式和removeCallbacks失效问题详解
    Android Service与Activity之间通信的几种方式
    Android操作系统11种传感器介绍
    Android录音--AudioRecord、MediaRecorder
    Android广播接收者应用(电话拦截器)
    收藏夹
  • 原文地址:https://www.cnblogs.com/tswcypy/p/4561303.html
Copyright © 2011-2022 走看看