CSC '94 Proceedings of the 22nd annual ACM computer science conference on Scaling up : meeting the challenge of complexity in real-world computing applications: meeting the challenge of complexity in real-world computing applications
The essential CORBA: systems integration using distributed objects
The essential CORBA: systems integration using distributed objects
Corba security: an introduction to safe computing with objects
Corba security: an introduction to safe computing with objects
Security models for web-based applications
Communications of the ACM
A language extension for expressing constraints on data access
Communications of the ACM
Protection in operating systems
Communications of the ACM
The Java Language Specification
The Java Language Specification
ICSR-6 Proceedings of the 6th International Conerence on Software Reuse: Advances in Software Reusability
Merging Capabilities with the Object Model of an Object-Oriented Abstract Machine
ECOOP '98 Workshop ion on Object-Oriented Technology
Proceedings of the Third International Workshop on Persistent Object Systems
A Two-Level Architecture for Semantic Protection of Persistent Distributed Objects
SMT '00 Proceedings of the International Conference on software Methods and Tools (SMT'00)
The Cambridge CAP computer and its operating system (Operating and programming systems series)
The Cambridge CAP computer and its operating system (Operating and programming systems series)
Opsis: a distributed object architecture based on bracket capabilities
CRPIT '02 Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications
Flexible enterprise access control with object-oriented view specification
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
A case study in access control requirements for a Health Information System
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
| Hi-index | 0.00 |
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Research systems based on capabilities provide a more secure mechanism but also fail to support more flexible security constraints such as parameter restrictions, logging and state-dependent access. They also fail to enforce a strict need-to-know view of a persistent object for each user. In this paper we present the concept of bracket capabilities as a new, simple security mechanism which fulfils these requirements. We discuss the reasons for integrating bracketing and view types at a fundamental level of the security mechanism. We demonstrate the use of the mechanism in a simple E-commerce environment to provide secure electronic cheques and describe a prototype implementation of the mechanism in middleware for secure, distributed Java applications.