Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Resource Names for Resource Access Decision (Facility)

Presentation given to the joint SecSIG/CORBAmed session on Resource Access Decision facility, as part of the presentation on the revised submission to the OMG Healthcare Resource Access Control RFP....


Security Engineering for Large Scale Distributed Applications

The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and...

Supporting Relationships in Access Control Using Role Based Access Control

The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common...


Upcoming OMG HealthCare Resource Access Control Facility

Outline: • CORBA in 5 minutes • CORBA security model • Why HRAC • HRAC concepts • HRAC framework design • Work status


Secondary and Approximate Authorization Model (SAAM) and its Application to...

The talk defines the secondary and approximate authorization model (SAAM). In SAAM, approximate authorization responses are inferred from cached primary responses, and therefore provide an alternative...


Resource Access Decision Service for CORBA-based Distributed Systems

Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...


The Secondary and Approximate Authorization Model and its Application to...

We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the...


The Secondary and Approximate Authorization Model and its Application to...

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...


Employing Secondary and Approximate Authorizations to Improve Access Control...

The request-response paradigm used for developing access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization...


Support for ANSI RBAC in CORBA

We describe access control mechanisms of the Common Object Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language...


Proceedings of the Second EECE 512 Mini-Conference on Computer Security

The proceedings of the second mini-conference of the EECE 512 course on Topics in Computer Security include four papers: 1. "Controlling Access to Resources Within The Python Interpreter" by Brett...


Authorization Recycling in RBAC Systems

As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...


The Secondary and Approximate Authorization Model and its Application to BLP...

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers...


Authorization Using the Publish-Subscribe Model

Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...


Usability Meets Access Control: Challenges and Research Opportunities

This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from “Why nobody, even experts, uses access control lists...


Analysis of ANSI RBAC Support in Commercial Middleware

This thesis analyzes the access control architectures of three middleware technologies: Common Object Request Broker Architecture (CORBA), Enterprise Java Beans (EJB), and Component Object Model...


Towards Improving the Availability and Performance of Enterprise...

Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy...


Authorization Recycling in Hierarchical RBAC Systems

As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point...


Analysis of ANSI RBAC Support in COM+

We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using...


Towards Improving the Performance of Enterprise Authorization Systems using...

With the emergence of tighter corporate policies and government regulations, access control has become an integral part of business requirements in enterprises. The authorization process in enterprise...


Speculative Authorization

As enterprises aim towards achieving zero latency for their systems, latency introduced by the authorization process can act as an obstacle towards achieving their goal. We present...


Speculative Authorization

We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future,...


Contextualizing Privacy Decisions for Better Prediction (and Protection)

Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the...


Contextual Permission Models for Better Privacy Protection

Despite corporate cyber intrusions attracting all the attention, privacy breaches that we, as ordinary users, should be worried about occur every day without any scrutiny. Smartphones, a household...
