CACL: efficient fine-grained protection for objects
OOPSLA '92 conference proceedings on Object-oriented programming systems, languages, and applications
CSC '94 Proceedings of the 22nd annual ACM computer science conference on Scaling up : meeting the challenge of complexity in real-world computing applications: meeting the challenge of complexity in real-world computing applications
Corba security: an introduction to safe computing with objects
Corba security: an introduction to safe computing with objects
A language extension for expressing constraints on data access
Communications of the ACM
Protection in operating systems
Communications of the ACM
Bracket capabilities for distributed systems security
ACSC '02 Proceedings of the twenty-fifth Australasian conference on Computer science - Volume 4
ICSR-6 Proceedings of the 6th International Conerence on Software Reuse: Advances in Software Reusability
A Model of Methods Access Authorization in Object-oriented Databases
VLDB '93 Proceedings of the 19th International Conference on Very Large Data Bases
Modelling and verifying key-exchange protocols using CSP and FDR
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Security Engineering of Lattice-Based Policies
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Two-Level Architecture for Semantic Protection of Persistent Distributed Objects
SMT '00 Proceedings of the International Conference on software Methods and Tools (SMT'00)
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The Cambridge CAP computer and its operating system (Operating and programming systems series)
The Cambridge CAP computer and its operating system (Operating and programming systems series)
A case study in access control requirements for a Health Information System
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
| Hi-index | 0.00 |
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Given the increasing use of web-based applications involving sensitive data, the increased threat and the stringent requirements of privacy laws, a more flexible and secure approach is needed. In this paper we present a three-step approach to access control involving object-oriented encapsulation, middleware based on a new, more secure access control mechanism and the high-level specification of method-oriented views. We demonstrate the use of the approach in a simple web-based E-commerce environment to provide secure electronic cheques.