| The economy and security of modern society relies on increasingly distributed infrastructures and institutions, such as the banking system, government agencies, and commercial enterprises. This trend raises both the importance of access control technology and its complexity. Law-Governed Interaction (LGI) represents an advanced access control mechanism that satisfies many of the challenges posed by modern computing. LGI, however, has been defined for asynchronous, message passing, communication, leaving unsupported the wide range of applications that employ synchronous communication. Furthermore, no formal mechanism had been designed for adapting its policies in the presence of ever-changing security requirements.;My dissertation addresses these issues as follows. It introduces Regulated Synchronous Communication, a novel access control model for synchronous, request-reply communication; it proposes Hot Updates, a mechanism for changing the policy of a distributed system while the system continues to operate. Regulated Synchronous Communication extends the LGI mechanism to synchronous communication, thus providing advanced control over this important and popular mode of communication. Among the novel characteristics of this model are: the control of both the request and the reply; regulated timeout capability provided to clients, in a manner that takes into account the concerns of their server; and enforcement on both the client and server sides.;Hot Updates addresses the issue of changing the access control policy of a large distributed system, in the context of LGI. Hot Policy Updates undertakes a number of challenges such as (a) how to propagate the policy updates throughout the system, (b) when to update the policy with respect to an individual component, and (c) how to avoid, minimize or compensate possible inconsistencies that appear during the update process.;Both Regulated Synchronous Communication and Hot Updates had been implemented using Java Laws, a novel Java-based language for expressing access control policies for LGI. Java Laws provides a common platform for applying fine-grained access control particularly suitable for distributed applications written in Java. Among other advantages, Java Laws enables an efficient enforcement of access control, as well as good scalability and portability across various operating systems. |
