Partial outsourcing: a new paradigm for access control
Proceedings of the eighth ACM symposium on Access control models and technologies
A unified security framework for networked applications
Proceedings of the 2003 ACM symposium on Applied computing
| Hi-index | 0.00 |
Secure distributed applications often include code to authenticate users, verify access rights, and establish secure communication channels between software components (e.g., clients and servers). This code is often specific to the application and to the context in which the application is used. Embedding protection definitions in the application code makes it difficult to reuse because different applications often have very different protection constraints. In this paper we argue that protection definitions should be specified separately from application code in order to facilitate protection reconfiguration and software reuse. This separation may be achieved by specifying protection definitions in an Protection Interface Definition Language, and is implemented by proxies installed between software components that are executing in different protection contexts (e.g., between client and server).Mechanisms for creation and dynamic installation of protection proxies have been implemented in a distributed shared memory system, and the viability of our solution is demonstrated by a simple name server, which is currently being reused in three different protection contexts.