000000299 001__ 299
000000299 005__ 20150119005132.0
000000299 037__ $$aLERSSE-THESIS-2015-001
000000299 100__ $$aKonstantin Beznosov
000000299 245__ $$aEngineering Access Control For Distributed Enterprise Systems
000000299 260__ $$c2000-07-18
000000299 300__ $$a230
000000299 520__ $$aAccess control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.
000000299 8560_ $$flersse-it@ece.ubc.ca
000000299 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/299/files/beznosov_phd_thesis.pdf
000000299 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/299/files/beznosov_phd_thesis.pdf?subformat=pdfa$$xpdfa
000000299 909C4 $$pFlorida International University, 2000
000000299 980__ $$aTHESIS