Analysis of ANSI RBAC Support in COM+

Authors

  • Wesam Darwish
  • Konstantin Beznosov
Abstract

We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in COM+. We analyze the level of support for the American National Standards Institute's (ANSI) specification of role-based access control (RBAC) components and functional specification in COM+. Our results indicate that COM+ falls short of supporting even Core RBAC. The main limitations exist due to the tight integration of the COM+ architecture with the underlying operating system, which prevents support for session management and role activation, as specified in ANSI RBAC.

In role-based access control (RBAC) systems, permissions are associated with roles and users are assigned to appropriate roles. A role can represent competency, authority, responsibility or specific duty assignments. A major purpose of RBAC is to facilitate access control administration and review. It arguably addresses the needs of commercial enterprises better than lattice-based MAC [1] and owner-based DAC [2]. Many papers describe ways to model or implement RBAC using the technologies employed by commercial users. Evidence of RBAC becoming a dominant access control paradigm is the approval of the American National Standard for Information Technology Role-Based Access Control (ANSI RBAC) [13] in 2004. The ANSI RBAC standard consists of two main parts: the RBAC Reference Model, and the RBAC System and Administrative Functional Specification.

The two parts specify four profiles: Core RBAC, with the minimum set of features included in all RBAC systems; Hierarchical RBAC, which defines role hierarchies; and Static Separation of Duty Relations and Dynamic Separation of Duty Relations, which define static and dynamic constraint relations, respectively. At the same time, commercial middleware technologies—such as Common Object Request Broker Architecture (CORBA) [14], COM+ [15], Enterprise Java Beans (EJB) [16]—became mature, with distributed enterprise applications routinely developed with the use of middleware. Each middleware technology, however, comes with its own security subsystem [17–19], sometimes dependent and specific to the underlying operating …
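The abstract's central finding is that COM+ cannot support the session management and role activation that even Core RBAC requires. The following added example, which is not code from the paper and not part of COM+, models the Core RBAC reference model in Python: the USERS, ROLES and PRMS sets, the user-role (UA) and permission-role (PA) relations, and the functional-specification operations CreateSession, AddActiveRole, DropActiveRole and CheckAccess. The users, roles, objects and policy in the demo are constructed sample data. The point it makes concrete is that an access decision is a function of the roles active in a session, which must be a subset of the user's assigned roles; a system with no session object has nothing to hold that subset.

```python
"""Core RBAC (ANSI INCITS 359-2004) reference-model sketch.

Added illustration, not code from the paper or from COM+. The policy
data in demo() is constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """In ANSI RBAC a permission is an (operation, object) pair."""
    operation: str
    obj: str


class CoreRBAC:
    """Core RBAC sets, the UA and PA relations, and session functions."""

    def __init__(self) -> None:
        self.users: set[str] = set()
        self.roles: set[str] = set()
        self.ua: dict[str, set[str]] = {}            # user -> assigned roles
        self.pa: dict[str, set[Permission]] = {}     # role -> granted permissions
        self.sessions: dict[int, tuple[str, set[str]]] = {}  # sid -> (user, active roles)
        self._next_sid = 1

    # --- administrative commands (AddUser, AddRole, AssignUser, GrantPermission) ---
    def add_user(self, user: str) -> None:
        self.users.add(user)
        self.ua.setdefault(user, set())

    def add_role(self, role: str) -> None:
        self.roles.add(role)
        self.pa.setdefault(role, set())

    def assign_user(self, user: str, role: str) -> None:
        if user not in self.users or role not in self.roles:
            raise ValueError("unknown user or role")
        self.ua[user].add(role)

    def grant_permission(self, role: str, perm: Permission) -> None:
        if role not in self.roles:
            raise ValueError("unknown role")
        self.pa[role].add(perm)

    # --- supporting system functions ---
    def create_session(self, user: str, active_roles: set[str]) -> int:
        """CreateSession: the active set must be a subset of the user's assigned roles."""
        if user not in self.users:
            raise ValueError("unknown user")
        if not active_roles <= self.ua[user]:
            raise ValueError("role not assigned to user")
        sid = self._next_sid
        self._next_sid += 1
        self.sessions[sid] = (user, set(active_roles))
        return sid

    def add_active_role(self, sid: int, role: str) -> None:
        """AddActiveRole: role activation, again bounded by the UA relation."""
        user, active = self.sessions[sid]
        if role not in self.ua[user]:
            raise ValueError("role not assigned to session user")
        active.add(role)

    def drop_active_role(self, sid: int, role: str) -> None:
        self.sessions[sid][1].discard(role)

    def delete_session(self, sid: int) -> None:
        del self.sessions[sid]

    def check_access(self, sid: int, operation: str, obj: str) -> bool:
        """CheckAccess: granted iff some *active* role of the session holds the permission."""
        _, active = self.sessions[sid]
        wanted = Permission(operation, obj)
        return any(wanted in self.pa[role] for role in active)

    # --- review functions ---
    def assigned_roles(self, user: str) -> set[str]:
        return set(self.ua[user])

    def session_roles(self, sid: int) -> set[str]:
        return set(self.sessions[sid][1])


def demo() -> dict[str, bool]:
    """Constructed policy: alice is assigned both 'clerk' and 'auditor', but
    only the roles activated in her session count toward an access decision."""
    rbac = CoreRBAC()
    for role in ("clerk", "auditor"):
        rbac.add_role(role)
    rbac.add_user("alice")
    rbac.assign_user("alice", "clerk")
    rbac.assign_user("alice", "auditor")
    rbac.grant_permission("clerk", Permission("post", "ledger"))
    rbac.grant_permission("auditor", Permission("audit", "ledger"))

    sid = rbac.create_session("alice", {"clerk"})
    results = {
        "clerk_can_post": rbac.check_access(sid, "post", "ledger"),
        "clerk_cannot_audit": not rbac.check_access(sid, "audit", "ledger"),
    }
    rbac.add_active_role(sid, "auditor")            # role activation mid-session
    results["after_activation_can_audit"] = rbac.check_access(sid, "audit", "ledger")
    rbac.drop_active_role(sid, "clerk")
    results["after_drop_cannot_post"] = not rbac.check_access(sid, "post", "ledger")
    try:
        rbac.create_session("alice", {"manager"})   # never assigned to alice
        results["unassigned_role_rejected"] = False
    except ValueError:
        results["unassigned_role_rejected"] = True
    rbac.delete_session(sid)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The separation between `assigned_roles` and `session_roles` is the review-side counterpart of the same idea: an auditor reading the UA relation sees what a user may do, while the session's active set is what the user is doing right now, and CheckAccess consults only the latter.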


Similar resources

Analysis of ANSI RBAC Support in Commercial Middleware

This thesis analyzes the access control architectures of three middleware technologies: Common Object Request Broker Architecture (CORBA), Enterprise Java Beans (EJB), and Component Object Model (COM+). For all technologies under study, we formalize the protection state of their corresponding authorization architectures in a more precise and less ambiguous language than their respective specifi...

Full text

Analysis of ANSI RBAC Support in EJB

We analyze access control mechanisms of the Enterprise Java Beans (EJB) architecture and define a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. We analyze the level of support for the American National St...

Full text

Support for ANSI RBAC in CORBA

We describe access control mechanisms of the Common Object Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language than the CORBA Security specification (CORBASec). Using the configuration definition, we suggest an algorithm that formally specifies the semantics of authorization decisions in CORBA. We analyze supp...

Full text

DS RBAC - Dynamic Sessions in Role Based Access Control

Besides the well established access control models, Discretionary Access Control (DAC) and Mandatory Access Control (MAC), the policy neutral Role Based Access Control (RBAC) is gaining increasing attention. An important step towards a wide acceptance of RBAC has been achieved by the standardization of RBAC through the American National Standards Institute (ANSI). While the mandatory concept of...

Full text

Extended RBAC with Role Attributes for PACIS 2006

Though RBAC has been researched for many years as the current dominant access control technology, little research has been done to address the further extension of the role, which is the fundamental entity of RBAC. This paper tries to extend the role to a further level, the role attributes. Through the attributes, the function and operation on the role can be enhanced and extended. Through t...

Full text


Journal:
  • Computer Standards & Interfaces

Volume 32, Issue: 

Pages: -

Published: 2010