Object Security Attributes: Enabling Application-specific Access Control in Middleware

Konstantin Beznosov

16 October 2005

Abstract: This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.

Keyword(s): middleware security ; access control ; authorization ; CORBA ; SDMM ; attribute function ; Engineering Security Mechanisms

Published in: Proceedings of 4th International Symposium on Distributed Objects and Applications (DOA), Irvine, California: (October 28 - November 1, 2002) pp. 693-710

The record appears in these collections:
Engineering Security Mechanisms
Refereed Conference Papers

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)