000000079 001__ 79
000000079 005__ 20130522141952.0
000000079 037__ $$aLERSSE-PRESENTATION-2005-040
000000079 041__ $$aeng
000000079 100__ $$aKonstantin Beznosov
000000079 245__ $$aSecurity Engineering for Large Scale Distributed Applications
000000079 260__ $$c2005-10-16
000000079 520__ $$aThe way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and error-prone to build, deploy, and integrate, b) complex and error-prone to operate and administer, and still c) far from being adequate to the real-life problems.  Drawing on my academic and industrial experiences, I will discuss several recently invented techniques that can improve engineering of security mechanisms for distributed systems. I will specifically talk about improving those mechanisms that are based on the decision-enforcement paradigm, and will use access control as a representative example. I will examine in detail one particular method, Attribute Function, which enables the use of application-specific data in authorization decisions while keeping distributed applications security unaware.  The talkl was given at the following organizations: * Departement Computerwetenschappen, Katholieke Universiteit Leuven, on June 19, 2003. * Department of Electrical and Computer Engineering, University of British Columbia, on March 7, 2003. * The Department of Computing and Software, McMaster University, on February 25, 2003. * Faculty of Computer Science, Dalhousie University, on January 28, 2003.
000000079 6531_ $$adistributed systems security
000000079 6531_ $$adecision-enforcement paradigm
000000079 6531_ $$aaccess control
000000079 6531_ $$aEngineering Security Mechanisms
000000079 8560_ $$fqiangw@ece.ubc.ca
000000079 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/79/files/79.pdf$$yTransfer from CDS 0.99.7
000000079 909C4 $$pKonstantin Beznosov, "Security Engineering for Large Scale	Distributed Applications," Talk given at the Department of Computer Science,	Vrije University, Amsterdam, 17 December, 2004. 
000000079 980__ $$aPRESENTATION