Flexible Enterprise Access Control with Object-oriented View Specification
نویسنده
چکیده
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Given the increasing use of webbased applications involving sensitive data, the increased threat and the stringent requirements of privacy laws, a more flexible and secure approach is needed. In this paper we present a three-step approach to access control involving object-oriented encapsulation, middleware based on a new, more secure access control mechanism and the high-level specification of method-oriented views. We demonstrate the use of the approach in a simple web-based E-commerce environment to provide secure electronic cheques.
منابع مشابه
Managing Security in Object-based Distributed Systems Using Ponder
Security management involves specification and deployment of access control policies as well as activities such as registration of users or logging and auditing events for dealing with access to critical resources or security violations. The management actions to be performed when an event occurs depend on the enterprise policy. Reusable composite policy specifications are important to cater fo...
متن کاملThe Ponder Policy Specification Language
The Ponder language provides a common means of specifying security policies that map onto various access control implementation mechanisms for firewalls, operating systems, databases and Java. It supports obligation policies that are event triggered condition-action rules for policy based management of networks and distributed systems. Ponder can also be used for security management activities ...
متن کاملReconstructing a formal security model
Role-based access control (RBAC) is a flexible approach to access control, which has generated great interest in the security community. The principal motivation behind RBAC is to simplify the complexity of administrative tasks. Several formal models of RBAC have been introduced. However, there are a few works specifying RBAC in a way which system developers or software engineers can easily und...
متن کاملAnalysis of ANSI RBAC Support in Commercial Middleware
This thesis analyzes the access control architectures of three middleware technologies: Common Object Request Broker Architecture (CORBA), Enterprise Java Beans (EJB), and Component Object Model (COM+). For all technologies under study, we formalize the protection state of their corresponding authorization architectures in a more precise and less ambiguous language than their respective specifi...
متن کاملModels for Trustworthy Service and Process Oriented Systems
Service and process-oriented systems promise to provide more effective business and work processes and more flexible and adaptable enterprise IT systems. However, the technologies and standards are still young and unstable, making research in their theoretical foundations increasingly important. Our studies focus on two dichotomies: the global/local views of service interactions, and their impe...
متن کامل