Authorization in Distributed Systems: A New Approach1

Woo, T.Y.C.; Lam, Simon S.

doi:10.3233/jcs-1993-22-304

Cited by 124 publications

(67 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Logic-based languages, for their expressive power and formal foundations, represent a good candidate. The first work investigating logic-languages for the specification of authorizations is the work by Woo and Lam [91]. Their proposal makes the point for the need of flexibility and extensibility in access specifications and illustrates how these advantages can be achieved by abstracting from the low level authorization triples and adopting a high level authorization language.…”

Section: Logic-based Authorization Languagesmentioning

confidence: 99%

Access Control: Policies, Models, and Mechanisms

Samarati

Vimercati

2001

Lecture Notes in Computer Science

452

289

View full text Add to dashboard Cite

Abstract. Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this chapter we investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration. We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation.

show abstract

Section: Logic-based Authorization Languagesmentioning

confidence: 99%

Access Control: Policies, Models, and Mechanisms

Samarati

Vimercati

2001

Lecture Notes in Computer Science

452

289

View full text Add to dashboard Cite

show abstract

“…Woo and Lam from the University of Texas at Austin researched the theory and practice of constructing a distributed authorization service [Woo 1993a, Woo 1993b, Woo 1993c, Woo 1993d, Woo 1998]. As as result, they designed such a service [Woo 1993c, Woo 1998], the key features of which are a language-based approach for specifying authorization rules and authenticated delegation.…”

Section: Distributed Authorization Service From the University Of Texasmentioning

confidence: 99%

“…As as result, they designed such a service [Woo 1993c, Woo 1998], the key features of which are a language-based approach for specifying authorization rules and authenticated delegation. Their design is based on the prior work of Neuman [Neuman 1993], where he outlines an authorization protocol for distributed application systems.…”

Section: Distributed Authorization Service From the University Of Texasmentioning

confidence: 99%

Engineering access control for distributed enterprise applications

Beznosov¹,

Deng²

View full text Add to dashboard Cite

iv ACKNOWLEDGMENTS Kent Wreder directed my original steps towards addressing the problem of access control for distributed enterprise applications. Thanks to his encouragements and support, I had a very quick start. Eric Butler and Eric Navarro introduced me to the work of IT architects and were great colleagues.My advisor, Yi Deng, was an unending source of useful and pragmatic advice. He helped me to see the problems more broadly and at the same time be more specific. His patience, compassion and belief in me were instrumental in the completion of this journey.Thanks also to him for reading my dissertation and suggesting structural and stylistic changes that made it much more valuable and comprehendible. Yi, thanks for everything.I would like to thank Yi's students --Suresh Chegireddy, Banaglore Gururprakash, Luis Espinal, Manish Mahajan and Nathan Vuong --for their input during our numorous discussions on CAAS. Luis deserves special thanks for he has been a great help to me throughout my research, we did most of CAAS design and implementation together, and I Miami, FloridaProfessor Yi Deng, Major Professor Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. viiIn this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the rolebased access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem.In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.

show abstract

“…However, there has been some work in representing policies in logic [9,30]. Woo and Lam [30] propose the use of default logic for authorization policies.…”

Section: Introductionmentioning

confidence: 99%