000000184 001__ 184
000000184 005__ 20130522141945.0
000000184 037__ $$aLERSSE-THESIS-2009-001
000000184 041__ $$aeng
000000184 100__ $$aWesam M. Darwish
000000184 245__ $$aAnalysis of ANSI RBAC Support in Commercial Middleware
000000184 260__ $$c2009-04-01
000000184 300__ $$a124p
000000184 520__ $$aThis thesis analyzes the access control architectures of three middleware technologies: Common
Object Request Broker Architecture (CORBA), Enterprise Java Beans (EJB), and Component
Object Model (COM+). For all technologies under study, we formalize the protection state of their
corresponding authorization architectures in a more precise and less ambiguous language than their
respective specifcations. We also suggest algorithms that defne the semantics of authorization
decisions in CORBA, EJB, and COM+. Using the formalized protection state confgurations, we
analyze the level of support for the American National Standard Institute's (ANSI) specifcation
of Role-Based Access Control (RBAC) components and functional specifcation in the studied
middleware technologies. This thesis establishes a framework for assessing implementations of
ANSI RBAC in the analyzed middleware technologies.
Our fndings indicate that all of three middleware technologies under study fall short of supporting
even Core ANSI RBAC. Custom extensions are necessary in order for implementations
compliant with each middleware to support ANSI RBAC required or optional components. Some
of the limitations preventing support of ANSI RBAC are due to the middleware's architectural
design decisions; however, fundamental limitations exist due to the impracticality of some aspects
of the ANSI RBAC standard itself.
000000184 6531_ $$aANSI RBAC
000000184 6531_ $$aRBAC
000000184 6531_ $$aCORBA
000000184 6531_ $$aAccess Control
000000184 8560_ $$fdubelyoo@gmail.com
000000184 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/184/files/184.pdf$$yTransfer from CDS 0.99.7
000000184 909C4 $$pWesam M. Darwish, "Analysis of ANSI RBAC Support in Commercial Middleware," Master thesis, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, April, 2009, pp.124.
000000184 980__ $$aTHESIS