This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing an attribute function in addition to the decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.