Sciweavers

ACSAC
2005
IEEE

Uniform Application-level Access Control Enforcement of Organizationwide Policies

13 years 11 months ago
Uniform Application-level Access Control Enforcement of Organizationwide Policies
Fine-grained and expressive access control policies on application resources need to be enforced in applicationlevel code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement. To address this problem, the concept of an access interface is introduced as a contract between an organizationwide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced.
Tine Verhanneman, Frank Piessens, Bart De Win, Wou
Added 24 Jun 2010
Updated 24 Jun 2010
Type Conference
Year 2005
Where ACSAC
Authors Tine Verhanneman, Frank Piessens, Bart De Win, Wouter Joosen
Comments (0)