Sciweavers

Share
COOPIS
2002
IEEE

Object Security Attributes: Enabling Application-Specific Access Control in Middleware

11 years 3 months ago
Object Security Attributes: Enabling Application-Specific Access Control in Middleware
This paper makes two main contributions towards establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to show that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement ones, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security. Keywords Middleware Security, Access ...
Konstantin Beznosov
Added 14 Jul 2010
Updated 14 Jul 2010
Type Conference
Year 2002
Where COOPIS
Authors Konstantin Beznosov
Comments (0)
books