
Enforcing Security Policies for Distributed Objects Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3364)

Abstract

In this paper we present the design and implementation of a policy engine for enforcing security policies for distributed applications. Such policies, represented using the RBAC model, include both how the distributed, shared and replicated objects are used, by means of role certificates, and how these roles are managed, by means of administrative roles. The policy engine can enforce not only privileges to invoke methods with particular parameters and under specific conditions, but also the permissions to execute such methods. The engine is offered as a middleware service, so that application developers can concentrate on specifying the security policies for their applications and are released from the burden of implementing the mechanisms for the actual enforcement of such policies.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Popescu, B.C., Crispo, B., Tanenbaum, A.S., Zeeman, M. (2005). Enforcing Security Policies for Distributed Objects Applications. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_16


  • DOI: https://doi.org/10.1007/11542322_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28389-8

  • Online ISBN: 978-3-540-31836-1

  • eBook Packages: Computer Science, Computer Science (R0)
