000000024 001__ 24
000000024 005__ 20130522141956.0
000000024 037__ $$aLERSSE-PRESENTATION-2005-010
000000024 041__ $$aeng
000000024 100__ $$aKonstantin Beznosov
000000024 245__ $$aArchitectural Separation of Authorization and Application Logic in Distributed Systems 
000000024 260__ $$c2005-10-16
000000024 520__ $$aSecurity is an essential feature and foremost concern to enterprise software systems. Today, application-level access control (and other security) functions are based on complex, fine-grain and/or context-dependent policies, and thus are largely embedded in application systems. This results in multiple-point security control, which makes system integration and security administration tremendously difficult, costly and error-prone.  In this talk, we present our ongoing effort to address the above problems and to achieve the objectives of application access control by integrating the latest results in distributed object technology and software security under an architecture-centered approach for system composition. The main direction of our approach is the development of an open, adaptive and application-independent distributed authorization service based on emerging middleware standards such as CORBA. The service provides authorization decisions to distributed application systems. It establishes the structural basis for system composition, and for ensuring overall performance, availability and reliability of enterprise-wide authorization services. The use of external authorization service has a promise to overcome most of the drawbacks of coupling authorization logic with application logic. The same approach might be generalized and applied for other security properties of distributed application systems. However several important questions have to be addressed before the approach could be considered viable.  We expect the study to show (1) if the architectural separation of functional and nonfunctional system properties is viable for contemporary distributed computing technologies in general, and (2) if authorization logic can be effectively decoupled from application logic in particular. The research has direct implications on the practice of constructing distributed application systems.  The talk was given at: * Department of Computer Science, Middlesex College, The University of Western Ontario, London, ON, Canada, 30 May.  * Department of Computer Science, York University, Toronto, ON, Canada, 29 May.  * IBM Zurich Research Laboratory, Rüeschlikon, Switzerland, 22 May. * Erik Jonsson School of Engineering and Computer Science, The University of Texas at Dallas, TX, USA, 1 May. * Computer and Information Sciences Department, Temple University, Philadelphia, PA, USA, 11 April. 
000000024 6531_ $$aaccess control
000000024 6531_ $$asoftware engineering
000000024 6531_ $$aCORBA
000000024 6531_ $$adistributed applications
000000024 6531_ $$aEngineering Security Mechanisms
000000024 8560_ $$fqiangw@ece.ubc.ca
000000024 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/24/files/24.pdf$$yTransfer from CDS 0.99.7
000000024 909C4 $$pKonstantin Beznosov, "Architectural Separation of	Authorization and Application Logic in Distributed Systems," talk given at	several organizations, see abstract for details, April--May, 2000. 
000000024 980__ $$aPRESENTATION