|Home > Refereed Conference Papers > Object Security Attributes: Enabling Application-specific Access Control in Middleware|
16 October 2005
Abstract: This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.
Keyword(s): middleware security ; access control ; authorization ; CORBA ; SDMM ; attribute function ; Engineering Security Mechanisms
Published in: Proceedings of 4th International Symposium on Distributed Objects and Applications (DOA), Irvine, California: (October 28 - November 1, 2002) pp. 693-710