Description of Temporal Constraints Using Semantic Web in Role-Based Access Control
Proceedings of the 2006 conference on Knowledge-Based Software Engineering: Proceedings of the Seventh Joint Conference on Knowledge-Based Software Engineering
Hi-index | 0.00 |
The Common Object Request Broker Architecture (CORBA) is the most successful representative of an object-based distributed computing architecture. Although CORBA simplifies the implementation of complex, distributed systems significantly, the support of techniques for reliable, fault-tolerant, and secure software is very limited in the state-of-the-art CORBA. Extensions, such as the CORBAsec specification provide only a limited choice of coarse-grained mechanisms to specify access rights for components. Any fault-tolerance or security extension for CORBA components needs to trade off data abstraction and encapsulation against implementation specific knowledge about a component's internal behavior, resource usage, interaction and access patterns. These non-functional aspects of a component are crucial for the predictable behavior of security and fault-tolerance mechanisms. However, in contrast to CORBA's interface definition language (IDL), which describes a component's functional interface, there is no general means to describe a component's non- functional properties, such as security settings or fault- tolerance. Within this paper we present our approach towards role-based security for CORBA. Following the idea of aspect-oriented programming, we have developed a description language for security settings. The description language uses the eXtended Markup Language (XML) as an underlying representation and allows specification of access rights independently from an object's implementation. A role-editor tool allows for configuration of a component's security settings without affecting the component's source code. Security settings are enforced by our enhanced version of the ORBacus CORBA implementation. We discuss the necessary description and configuration steps for a secure CORBA service. We demonstrate how our previously developed distributed tele-laboratory application can be configured for secure access. One may notice that, although this configuration step required the development of a number of role descriptions, no modifications to the tele-laboratory's source code were necessary.