An access control model for dynamic client-side content

12 years 4 months ago
An access control model for dynamic client-side content
The focus of access control in client/server environments is on protecting sensitive server resources by determining whether or not a client is authorized to access those resources. The set of resources are usually static, and an access control policy associated with each resource specifies who is authorized to access the resource. In this paper, we turn the traditional client/server access control model on its head, and address how to protect the sensitive content that clients disclose to servers. Since client content is dynamically generated at runtime, the usual approach of associating a policy with the resource (content) a priori does not work. In this paper, we propose an access control model for protecting client-side content that is dynamically generated and disclosed at runtime. Our model identifies sensitive content, maps the sensitive content to an access control policy, and establishes the trustworthiness of the server before disclosing the sensitive content to the server. ...
Adam Hess, Kent E. Seamons
Added 05 Jul 2010
Updated 05 Jul 2010
Type Conference
Year 2003
Authors Adam Hess, Kent E. Seamons
Comments (0)