Scalable access control for distributed object systems

Authors:
Daniel F. Sterne;Gregg W. Tally;C. Durward McDonell;David L. Sherman;David L. Sames;Pierre X. Pasturel;E. John Sebes
Affiliations:
NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;Kroll-O'Gara Information Security Group
Venue:
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Year:
1999

Citing 5
Cited 5

DCE security programming

DCE security programming
Role-Based Access Control Framework for Network Enterprises

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Integrating security in CORBA based object architectures

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
An Authorization Scheme For Distributed Object Systems

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Confining root programs with domain and type enforcement (DTE)

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Napoleon: network application policy environment

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Access control mechanisms for inter-organizational workflow

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Generating wrappers for command line programs: the Cal-Aggie Wrap-O-Matic project

ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Secure virtual enclaves: Supporting coalition use of distributed application technologies

ACM Transactions on Information and System Security (TISSEC)
Models for coalition-based access control (CBAC)

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

A key obstacle to the widespread use of distributed object oriented systems is the lack of scalable access control mechanisms. It is often necessary to control access to individual objects and methods. In large systems, however, these can be so numerous that the resulting proliferation of access control information becomes overwhelming. We describe Object Oriented Domain and Type Enforcement (OO-DTE), a technology for organizing, specifying, and enforcing access control that has been prototyped and integrated with commercial ORBs and SSL. OO-DTE provides fine-grained control and scalability via a compilable symbolic policy language. We discuss our experience building and using OO-DTE and compare OO-DTE with the access control terminology, concepts, and requirements described in CORBA Security.