Abstract
In this paper we present the design and the implementation of a policy engine for enforcing security policies for distributed applications. Such policies, represented by using the RBAC model, include both how the distributed, shared and replicated objects are used, by mean of role certificates and how these roles are managed by means of administrative roles. The policy engine can enforce not only privileges to invoke methods with particular parameters and under specific conditions but also the permissions to execute such methods. The engine is offered as a middleware service such that application developers can concntrate on specify the security policies for their applications and they are realesed from the burden of implementing the mechanisms for the actual enforcement of such policies.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
The Common Object Request Broker: Architecture and Specification. Document Formal (October 2000), http://www.omg.org
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote Trust-Management System, RFC 2704 2 (September 1999)
Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP Message Format. RFC 2440 (November 1998)
Eddon, G., Eddon, H.: Inside Distibuted COM. Microsoft Press, Redmond (1998)
Grimsaw, A.S., Wulf, W.: Legion - a view from 50000 feet. In: Fifth IEEE Int’l Symp. on High Performance Distr. Computing, August 1996. IEEE Computer Society Press, Los Alamitos (1996)
Kudo, M., Hada, S.: XML Document Security based on Provisional Authorization. In: Proc. 7th ACM Conf. on Comp. and Comm. Security (November 2000)
Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a Role-based Trust Management Framework. In: Proc. IEEE Symp. on Security and Privacy, Oakland (May 2002)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2), 38–48 (1996)
Union, I.T.: Open Systems Interconnection - The Directory: Public-Key and Attribute Certificate Frameworks (March 2000)
van Steen, M., Hauck, F.J., Homburg, P., Tanenbaum, A.S.: Locating Objects in Wide-Area Systems. IEEE Communications, 104–109 (January 1998)
van Steen, M., Homburg, P., Tanenbaum, A.: Globe: A Wide-Area Distributed System. IEEE Concurrency, 70–78 (January-March 1999)
Weeks, S.: Understanding Trust Management Systems. In: Proc. IEEE Symp. on Security and Privacy, May 2001, pp. 94–105 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Popescu, B.C., Crispo, B., Tanenbaum, A.S., Zeeman, M. (2005). Enforcing Security Policies for Distributed Objects Applications. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_16
Download citation
DOI: https://doi.org/10.1007/11542322_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)