000000129 001__ 129
000000129 005__ 20130522141947.0
000000129 037__ $$aLERSSE-REPORT-2007-019
000000129 041__ $$aeng
000000129 100__ $$aKonstantin Beznosov
000000129 100__ $$aWesam Darwish
000000129 245__ $$aSupport for ANSI RBAC in CORBA
000000129 260__ $$c2007-05-04
000000129 520__ $$a We describe access control mechanisms of the Common Ob ject Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language than the CORBA Security specification (CORBASec). Using the configuration definition, we suggest an algorithm that formally specifies the semantics of authorization decisions in CORBA. We analyze support for the American National Standard Institute (ANSI) specification of Role-Based Access Control (RBAC) components in CORBA and identify the functionality that needs to be implemented—in addition to compliance with the CORBASec—in order to support Core, Hierarchical, and Constrained RBAC. We illustrate the discussion with a single access-policy domain as well as a multi-domain examples of the CORBASec protection system configuration. We also analyze support for the functional specification of ANSI RBAC in CORBA. Our results indicate that CORBA Security falls short of supporting even Core RBAC. Custom extensions are necessary in order for implementations compliant with CORBA Security to support ANSI RBAC required or optional components. These results can be interpreted as either a demonstration of CORBA’s inadequacy in supporting ANSI RBAC, or as a sign of ANSI RBAC not being sufficiently general. This paper sets up a framework for implementing and assessing implementations of ANSI RBAC using CORBA Security, provides directions for CORBA Security implementing ANSI RBAC in their systems, and offers criteria to users for selecting these CORBA Security implementations that support required and optional components of ANSI RBAC.
000000129 6531_ $$aANSI RBAC
000000129 6531_ $$aCORBA
000000129 6531_ $$aCORBASec
000000129 6531_ $$aRBAC
000000129 6531_ $$aaccess control
000000129 6531_ $$aprotection state
000000129 6531_ $$aAccess Control Models and Languages
000000129 8560_ $$fqiangw@ece.ubc.ca
000000129 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/129/files/129.pdf$$yTransfer from CDS 0.99.7
000000129 909C4 $$pKonstantin Beznosov, Wesam Darwish "Support for ANSI RBAC in CORBA," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-01, 26 July, 2007, pp.42.
000000129 980__ $$aREPORT