A Resource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleDesign and Implementation of Resource Access Decision Server
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible to implement...
View ArticleEngineering Application-level Access Control in Distributed Systems
This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. It reviews application-level access control available in...
View ArticleFlooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...
View ArticleJAMES: Junk Authorizations for Massive-scale Enterprise Services
The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the...
View ArticleMethod and System for Authorization and Access to Protected Resources
The present invention relates to the access of data resources using a Resource Access Decision Facility (RAD), preferably a CORBA RAD. More particularly, embodiments of the present invention provide...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework...
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticlePerformance Considerations for a CORBA-based Application Authorization Service
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control...
View ArticleResource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleThe Secondary and Approximate Authorization Model and its Application to...
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the...
View ArticleCooperative Secondary Authorization Recycling
As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges. Conventional request-response authorization architectures...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleProceedings of the Second EECE 512 Mini-Conference on Computer Security
The proceedings of the second mini-conference of the EECE 512 course on Topics in Computer Security include four papers: 1. "Controlling Access to Resources Within The Python Interpreter" by Brett...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleAuthorization Recycling in RBAC Systems
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response...
View ArticleThe Secondary and Approximate Authorization Model and its Application to BLP...
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleSpeculative Authorizations
In a large-scale enterprise system, making authorization decisions is often computationally expensive due to the complexity of the policies involved and the large size of the resource and user...
View ArticleAuthorization Recycling in RBAC Systems
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...
View ArticleAuthorization Using the Publish-Subscribe Model
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...
View ArticleTowards Improving the Availability and Performance of Enterprise...
Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy...
View ArticleAuthorization Recycling in Hierarchical RBAC Systems
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point...
View Article