000000064 001__ 64
000000064 005__ 20130522141942.0
000000064 037__ $$aLERSSE-RefConfPaper-2005-011
000000064 041__ $$aeng
000000064 100__ $$aKonstantin Beznosov
000000064 245__ $$aObject Security Attributes: Enabling Application-specific Access Control in Middleware
000000064 260__ $$c2005-10-16
000000064 520__ $$aThis paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.
000000064 6531_ $$amiddleware security
000000064 6531_ $$aaccess control
000000064 6531_ $$aauthorization
000000064 6531_ $$aCORBA
000000064 6531_ $$aSDMM
000000064 6531_ $$aattribute function
000000064 6531_ $$aEngineering Security Mechanisms
000000064 8560_ $$fqiangw@ece.ubc.ca
000000064 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/64/files/64.pdf$$yTransfer from CDS 0.99.7
000000064 909C4 $$c693-710$$pProceedings of 4th International Symposium on
Distributed Objects and Applications (DOA), Irvine,
California$$yOctober 28 - November 1, 2002
000000064 980__ $$aRefConfPaper