Special Edition Using Enterprise JavaBeans 2.0
Special Edition Using Enterprise JavaBeans 2.0
.NET framework security
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
A case study of separation of duty properties in the context of the Austrian "eLaw" process.
Proceedings of the 2005 ACM symposium on Applied computing
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
A model-based aspect-oriented framework for building intrusion-aware software systems
Information and Software Technology
Multi-layer audit of access rights
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Consolidating the access control of composite applications and workflows
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Optimized workflow authorization in service oriented architectures
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Revocation of obligation and authorisation policy objects
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
| Hi-index | 0.00 |
In this paper we describe the eXtreme access control Tool (XacT) which provides an automated way to obtain access control information out of multi-layered applications. We believe that based on this information consistent access control policies can be specified to prevent over-privileged accounts. The main difficulty, that leads to these over-privileged accounts, comes from the distinction that must be made between identifying which users should perform a workflow task (resource management) and which users are allowed to perform a task (access control), as well as the fact that access control enforcement is typically spread over different layers in applications (e.g. database layer, operating system layer, workflow layer). In this paper, we present an automated way to obtain access control information out of multi-layered applications. We base our observations on recent insights into workflow controlled judicial information systems.