A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Eiffel: the language
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Information systems security design methods: implications for information systems development
ACM Computing Surveys (CSUR)
Role-Based Access Control Models
Computer
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
A language extension for expressing constraints on data access
Communications of the ACM
Protection in operating systems
Communications of the ACM
The Java Language Specification
The Java Language Specification
Dealing with Security Requirements During the Development of Information Systems
CAiSE '93 Proceedings of Advanced Information Systems Engineering
Protection in the Guide Object-Oriented Distributed System
ECOOP '94 Proceedings of the 8th European Conference on Object-Oriented Programming
Authorization in CORBA Security
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Raccoon - An Infrastructure For Managing Access Control in CORBA
Proceedings of the IFIP TC6 / WG6.1 Third International Working Conference on New Developments in Distributed Applications and Interoperable Systems
ACM SIGOPS Operating Systems Review
Policy Definition Language for Automated Management of Distributed Systems
SMW '96 Proceedings of the 2nd IEEE International Workshop on Systems Management (SMW'96)
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Formal access control analysis in the software development process
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
An MDA approach to Access Control Specifications Using MOF and UML Profiles
Electronic Notes in Theoretical Computer Science (ENTCS)
SecTOOL: supporting requirements engineering for access control
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
An access control language for dynamic systems – model-driven development and verification
SDL'05 Proceedings of the 12th international conference on Model Driven
| Hi-index | 0.00 |
Specifying and managing access rights in large distributed systems is a non-trivial task. This paper presents a language-based approach to policy-based management of access rights. We develop an object-oriented access model and a concrete syntax that is designed to allow both flexible and manageable access control policies for CORBA objects. We introduce a typed construct for access rights called view that allows static type checking of specifications and show how a realistic example policy is expressed using this notation.