Abstract
Specifying and managing access rights in large distributed systems is a non–trivial task. This paper presents a language–based approach to supporting policy-based management of access rights. We develop an object–oriented access model and a concrete syntax that is designed to allow both flexible and manageable access control policies for CORBA objects. We introduce a typed construct for access rights called view that allows static type checking of specifications and show how a realistic example policy is expressed using our notation.
This work is funded by the German Research Council (DFG), grant No. LO 447/5–1.
Chapter PDF
References
Adiron, http://www.adiron.com/
Baldwin, R.W.: Naming and grouping privileges to simplify security management in large databases. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 116–132 (1990)
Blaze, M., Feigenbaum, J., Lacy, J.: Distributed trust management. In: Proc. IEEE Symposium on Security and Privacy, pp. 164–173 (1996)
Brewer, D., Nash, M.: The chinese wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214 (1989)
Brose, G.: JacORB – design and implementation of a Java ORB. In: Proc. International Conference on Distributed Applications and Interoperable Systems (DAIS 1997), Cottbus, Germany, pp. 143–154. Chapman & Hall, Boca Raton (1997)
Brose, G.: A view–based access model for CORBA. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 237–252. Springer, Heidelberg (1999)
Ferraiolo, D., Kuhn, R.: Role–based access control. In: Proc. 15th National Computer Security Conference (1992)
Hagimont, D.: Protection in the Guide object–oriented distributed system. In: Tokoro, M., Pareschi, R. (eds.) ECOOP 1994. LNCS, vol. 821, pp. 280–298. Springer, Heidelberg (1994)
Hayton, R.J., Bacon, J.M., Moody, K.: Access control in an open distributed environment. In: Proc. IEEE Symposium on Security and Privacy, pp. 3–14 (1998)
Harrison, M.H., Ruzzo, W.L., Ullman, J.D.: Protection in Operating Systems. Communications of the ACM 19(8), 461–471 (1976)
Jones, A., Liskov, B.: A language extension for expressing constraints on data access. Communications of the ACM 21(5), 358–367 (1978)
Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proc. International Conference on Management of Data, pp. 474–485 (1997)
Karjoth, G.: Authorization in CORBA security. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 143–158. Springer, Heidelberg (1998)
Lampson, B.W.: Protection. ACM Operating Systems Rev. 8(1), 18–24 (1974)
OMG. CORBAservices: Common Object Services Specification (November 1997)
OMG. Security Service Revision 1.5 (November 1998)
OMG. The Common Object Request Broker: Architecture and Specification, Revision 2.3 (June 1999)
Rabitti, F., Bertino, E., Kim, W., Woelk, D.: A model of authorization for next–generation database systems. ACM Transactions on Database Systems 16(1), 88–131 (1991)
Richardson, J., Schwarz, P., Cabrera, L.-F.: CACL: Efficient fine–grained protection for objects. In: Proc. OOPSLA 1992, pp. 263–275 (1992)
Sandhu, R.S.: The typed access matrix model. In: Proc. IEEE Symposium on Security and Privacy, pp. 122–136 (1992)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role–based access control models. IEEE Computer 29(2), 38–47 (1996)
Sloman, M.: Policy driven management for distributed systems. Journal of Network and Systems Management, 2(4) (1994)
Scholl, M.H., Laasch, C., Tresch, M.: Updatable views in object–oriented databases. In: Delobel, C., Masunaga, Y., Kifer, M. (eds.) DOOD 1991. LNCS, vol. 566, pp. 189–207. Springer, Heidelberg (1991)
Stiegler, H.G.: A structure for access control lists. Software – Practice and Experience 9, 813–819 (1979)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brose, G. (2000). A Typed Access Control Model for CORBA. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_6
Download citation
DOI: https://doi.org/10.1007/10722599_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive