000000263 001__ 263
000000263 005__ 20130522141940.0
000000263 037__ $$aLERSSE-RefJnlPaper-2011-001
000000263 100__ $$aWesam Darwish
000000263 245__ $$aAnalysis of ANSI RBAC Support in EJB
000000263 260__ $$c2011-08-04
000000263 300__ $$a28
000000263 520__ $$aThis paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, the authors suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. The level of support is analyzed for the American National Standards Institute’s (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in EJB. The results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support ANSI RBAC required components. Other vendor-specific extensions are necessary to support ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.
000000263 6531_ $$aRBAC
000000263 6531_ $$aEJB
000000263 700__ $$aKonstantin Beznosov
000000263 8560_ $$fsantsais@ece.ubc.ca
000000263 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/263/files/263.pdf$$yTransfer from CDS 0.99.7
000000263 909C4 $$pWesam Darwish and Konstantin Beznosov. Analysis of ANSI RBAC support in EJB. International Journal of Secure Software Engineering, 2(2):25-52, April-June 2011.
000000263 980__ $$aRefJnlPaper