Access Control in Distributed Object Systems: Problems With Access Control Lists
نویسنده
چکیده
A security mechanism that has its origin in operating systems is the Access Control List. It specifies the access rights a principal has on an object (or resource). An example is an entry such as “User A can Read file X’. Often such lists are distributed throughout a system instead of being confined to one physical location (because a single location could become a bottleneck). ACL’s are being used in distributed systems due to their simplicity. There is a vast literature on ACL’s due to their origin in operating systems. In [l]; some reasons why ACL’s are inadequate for the security of distributed systems are given: In this paper we look at some drawbacks of access control lists (A CL s) that are in wide use. Ke.wtords: Access Control, -4ccess Control List 64 CL), Distributed Svstenu.
منابع مشابه
Object-oriented Access Control in Jarrah
Given the sensitivity of the data stored in many information systems and the use of networks to support distributed applications, it is increasingly important to enable precise control of who can access the data in what way. Standard per-method access control lists are not sufficient to capture the complexity of the access constraints which arise if the concept of minimal access is taken seriou...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملImplementation Considerations for the Typed Access Matrix Model in a Distributed Environment
The typed access matrix (TAM) model was recently de ned by Sandhu. TAM combines the strong safety properties for propagation of access rights obtained in Sandhu's Schematic Protection Model, with the natural expressive power of Harrison, Ruzzo, and Ullman's model. In this paper we consider the implementation of TAM in a distributed environment. To this end we propose a simpli ed version of TAM ...
متن کاملA State-Transition Model of Trust Management and Access Control
We use a state-transition approach to analyze and compare the core access control mechanisms that are characteristic of a variety of trust management, access control list, and capability-based systems. The framework, which characterizes the set of rights a subject has over an object after any sequence of actions, is based on abstract system states, state transitions, and logical deduction of ac...
متن کاملFOR DISTRIBUTED SYSTEMS Domino B 1 / IC / 3 . 1 18 September 1990
This paper discusses a proposed framework for specifying access control policy for very large distributed processing systems. These typically consist of multiple interconnected networks and span the computer systems belonging to different organisations. This implies the need for cooperation between independent managers to specify access control policy. The policy specification should permit int...
متن کامل