zoukankan      html  css  js  c++  java
  • Flask architecture

    论文The Flask Security Architecture: System Support for Diverse Security Policies 介绍了Flask architecture

    以下节选自该论文


    Figure 1: The Flask architecture. Components which enforce security policy decisions are referred to as object managers. Components which provide security decisions to the object managers are referred to as security servers. The decision making subsystem may include other components such as administrative interfaces and policy databases, but the interfaces among these components are policy-dependent and are therefore not addressed by the architecture.

        The Flask security architecture [44], as shown in Figure1, describes the interactions between subsystems that enforce security policy decisions and a subsystem which makes those decisions, and the requirements on the components within each subsystem. The primary goal of the architecture is to provide for flexibility in the security policy by ensuring that these subsystems always have a consistent view of policy decisions regardless of how those decisions are made or how they may change over time. Secondary goals for the architecture include application transparency, defense-in-depth, ease of assurance,and minimal performance impact.
        The Flask security architecture provides three primary elements for object managers. First, the architecture provides interfaces for retrieving access, labeling and polyinstantiation decisions from a security server. Access decisions specify whether a particular permission is granted between two entities, typically between a subject and an object. Labeling decisions specify the security attributes to be assigned to an object. Polyinstantiation decisions specify which member of a polyinstantiated set of resources should be accessed for a particular request.Second, the architecture provides an access vector cache (AVC) module that allows the object manager to cache access decisions to minimize the performance overhead.Third, the architecture provides object managersthe ability to register to receive notifications of changes to the security policy.
        Object managers are responsible for defining a mechanism for assigning labels to their objects. A control policy, which specifies how security decisions are used to control the services provided by the object manager,must be defined and implemented by each object manager. This control policy addresses threats in the most general fashion by providing the security policy with control over all services provided by the object manager and by permitting these controls to be configurable based on threat. Each object manager must define handling routines which are called in response to policy changes. For all uses of polyinstantiation, each object manager must define the mechanism by which the proper instantiation of a resource is chosen.

  • 相关阅读:
    2、react-生命周期1※※※
    4.vue class 绑定- model基础应用
    1.react的基础
    Leetcode 5429 数组中的 k 个最强值
    leetcode 21.合并两个有序链表(迭代)
    【Postman请求无响应】Can not get any response
    【PageHelper】插件不生效的原因及解决办法
    【fasterxml.jackson】字段(反)序列号问题Access.WRITE_ONLY
    【SpringCloud-Maven】依赖版本比对
    【Charles】抓包工具使用
  • 原文地址:https://www.cnblogs.com/tswcypy/p/4561303.html
Copyright © 2011-2022 走看看