000000214 001__ 214
000000214 005__ 20130522141946.0
000000214 037__ $$aLERSSE-REPORT-2009-034
000000214 041__ $$aeng
000000214 100__ $$aWesam Darwish 
000000214 245__ $$aSupport for ANSI RBAC in EJB
000000214 260__ $$c2009-09-15
000000214 300__ $$a28
000000214 520__ $$aWe analyze access control mechanisms of the Enterprise Java Beans (EJB) architecture and define a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. We analyze the level of support for the American National Standards Institute's (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in EJB. Our results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support ANSI RBAC required components. Other vendor-specific extensions are necessary in order to support ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.
000000214 6531_ $$aRBAC, EJB
000000214 700__ $$aKonstantin Beznosov
000000214 8560_ $$fsantsais@ece.ubc.ca
000000214 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/214/files/214.pdf$$yTransfer from CDS 0.99.7
000000214 909C4 $$pWesam Darwish and Konstantin Beznosov. Support for ANSI RBAC in EJB. Technical Report LERSSE-TR-2009-34, accessible from http://lersse-dl.ece.ubc.ca, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, January 21 2009
000000214 980__ $$aREPORT