ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Object Security Attributes: Enabling Application-Specific Access Control in Middleware
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
User Authentication and Authorization in the Java(tm) Platform
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Stateful distributed interposition
ACM Transactions on Computer Systems (TOCS)
Obligation Policies: An Enforcement Platform
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Uniform Application-level Access Control Enforcement of Organizationwide Policies
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Causeway: support for controlling and analyzing the execution of multi-tier applications
Proceedings of the ACM/IFIP/USENIX 2005 International Conference on Middleware
Kerberos: an authentication service for computer networks
IEEE Communications Magazine
A comparison of two approaches for achieving flexible and adaptive security middleware
Proceedings of the 2008 workshop on Middleware security
Hi-index | 0.00 |
State-of-the-art security mechanisms are often enforced in isolation from each other, which limits the kinds of policies that can be enforced in distributed and heterogeneous settings. More specifically, it is hard to enforce application-level policies that affect, or use information from multiple distributed components. This paper proposes the concept of a Security Service Bus (SSB), which is a dedicated communication channel between the applications and the different security mechanisms. The SSB treats the security mechanisms as reusable, stand-alone security services that can be bound to the applications and it allows the enforcement of advanced policies by providing uniform access to application-level information. This leads to a security infrastructure that is more flexible and more manageable and that can enforce more expressive policies.