Task-Based Authorization: A Paradigm for Flexible and Adaptable
Abstract
Historically, the access control problem has been couched within the framework of subjects, objects, and rights (access types). An access control request thus essentially seeks an answer to a question posed typically as: Is subject s allowed access a (or possess the right a) to object o? A tuple (s, o, a), which we define as an authorization, can be input to a function f, which returns true (or false), to indicate if the subject s has the right a (or not) to object o. We can visualize the implementation of such a function with an access control matrix. This subject-object view can be traced to the subject-object paradigm of access control that was formulated in the early era of the development of general multi-user computers and operating systems [7, 5]. Over the last two decades we have seen considerable advancements in the discipline of computer security. In particular, we have seen the evolution and development of many access control models. The initial proposals of Lampson [7] and Graham and Denning [5] led to formulation of the HRU model by Harrison, Ruzzo, and Ullman [6]. This was followed by the development of the Take-Grant Model. A good summary of these early efforts (in the first decade) can be found in [13]. More recent efforts have resulted in the Schematic Protection Model (SPM) by Sandhu [8], the Extended Schematic Protection
Similar resources
Towards a Task-based Paradigm for Flexible and Adaptable Access Control in Distributed Applications
Historically, the access control problem has been couched within the framework of subjects, object, and rights. In this paper we argue for a newer paradigm for distributed and multi-system applications, that transcends the subject-object view of access control. This new paradigm views access control and authorization not in terms of individual subjects and object, but rather in terms of long-li...
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
Architecting Adaptable Security Infrastructures for Pervasive Networks through Components
Security management in pervasive networks should be fundamentally flexible. The dynamic and heterogeneous character of these environments requires a security infrastructure which can be tailored to different operating conditions, at variable levels of granularity, during phases of design, deployment, and execution. This is possible with component-based security architecture. We illustrate the b...
An Authorization Architecture Oriented to Engineering and Scientific Computation in Grid Environments
Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on...