Object Security Attributes: Enabling Application-Specific Access Control in Middleware

Authors:
Konstantin Beznosov
Affiliations:
-
Venue:
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
Year:
2002

Citing 12
Cited 5

Extending Objects to Support Multiple Interfaces and Access Control

IEEE Transactions on Software Engineering
Implementing role-based access control using object technology

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
SafeBots: a paradigm for software security controls

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Meta objects for access control: a formal model for role-based principals

Proceedings of the 1998 workshop on New security paradigms
XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
Programming Windows Security

Programming Windows Security
Enterprise Security with EJB and CORBA

Enterprise Security with EJB and CORBA
A Resource Access Decision Service for CORBA-Based Distributed Systems

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
User Authentication and Authorization in the Java(tm) Platform

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Verifiable Identifiers in Middleware Security

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A Component-Based Architecture for Secure Data Publication

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
The Authorization Service of Tivoli Policy Director

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference

On the benefits of decomposing policy engines into components

ARM '04 Proceedings of the 3rd workshop on Adaptive and reflective middleware
Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies

Electronic Notes in Theoretical Computer Science (ENTCS)
Scalable authorization middleware for service oriented architectures

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Here's your LegoTM security kit: how to give developers all protection mechanisms they will ever need

SEM'04 Proceedings of the 4th international conference on Software Engineering and Middleware
Experience report: design and implementation of a component-based protection architecture for ASP.NET web services

CBSE'05 Proceedings of the 8th international conference on Component-Based Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests.Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.