000000065 001__ 65
000000065 005__ 20130522141952.0
000000065 037__ $$aLERSSE-PRESENTATION-2005-030
000000065 041__ $$aeng
000000065 100__ $$aKonstantin Beznosov
000000065 245__ $$aObject Security Attributes: Enabling Application-specific Access Control in Middleware
000000065 260__ $$c2005-10-16
000000065 520__ $$aThis presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.
000000065 6531_ $$amiddleware security
000000065 6531_ $$aaccess control
000000065 6531_ $$aauthorization
000000065 6531_ $$aCORBA
000000065 6531_ $$aSDMM
000000065 6531_ $$aattribute function
000000065 6531_ $$aEngineering Security Mechanisms
000000065 8560_ $$fqiangw@ece.ubc.ca
000000065 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/65/files/65.pdf$$yTransfer from CDS 0.99.7
000000065 909C4 $$pKonstantin Beznosov, "Object Security Attributes: Enabling	Application-specific Access Control in Middleware," presented at the 4th	International Symposium on Distributed Objects Applications (DOA), Irvine,	California, 29 October, 2002. 
000000065 980__ $$aPRESENTATION