Improving the granularity of access control for Windows 2000

Swift, Michael M.; Hopkins, Anne; Brundrett, Peter; Dyke, Cliff Van; Garg, Praerit; Chan, Shannon; Goertzel, Mario; Jensenworth, Gregory

doi:10.1145/581271.581273

Cited by 18 publications

(9 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One is that resources that are protected in filesystems are different, and have different relationships with one another than in VCSes. The second is that typically, such schemes, such as the ones in POSIX-compliant systems [27] and Windows ACLs [29,30], have only two levels of administrators: a superuser ("root") and the owner of a file or directory. The owner has full discretion in handing out rights to resources that he owns.…”

Section: Related Workmentioning

confidence: 99%

An authorization scheme for version control systems

Chamarty

Patel

Tripunitara

2011

Proceedings of the 16th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

We present gitolite, an authorization scheme for Version Control Systems (VCSes). We have implemented it for the Git VCS. A VCS enables versioning, distributed collaboration and several other features, and is an important context for authorization and access control. Our main consideration behind the design of gitolite is the balance between expressive power, correctness and usability in realistic settings. We discuss our design of gitolite, and in particular the four user-classes in its delegation model, and the administrative actions a user at each class performs. We discuss also our ongoing work on expressing gitolite precisely in first-order logic, to thereby give it a precise semantics and establish correctness properties. gitolite has been adopted in open-source software development, university and industry settings. We discuss our experience with these deployments, and present some performance results related to access enforcement from a real deployment.

show abstract

Section: Related Workmentioning

confidence: 99%

An authorization scheme for version control systems

Chamarty

Patel

Tripunitara

2011

Proceedings of the 16th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

show abstract

“…Sun's J2EE [28] uses the RBAC pattern in the authorization service (e.g., password management systems in UNIX and Windows) for E-Commerce applications [29]. Solaris 8 uses the RBAC pattern to restrict access to tools and utilities.…”

Section: Known Usesmentioning

confidence: 99%

Describing access control models as design patterns using roles

Kim

Mehta

Gokhale

2006

Proceedings of the 2006 Conference on Pattern Languages of Programs

View full text Add to dashboard Cite

An access control model describes at a high level of abstraction a mechanism for governing access to shared resources. In this paper, we view an access control model as a design pattern providing a general solution for ensuring confidentiality, integrity and availability of information resources. We present three widely used access control models, DAC, MAC and RBAC as design patterns using the POSA template. We use an extension of the UML to represent the structure and behavior of the patterns. The extension enables capturing variations of pattern instances. We also attempt to give more details on the problem domain of the patterns to help pattern selection.

show abstract

“…CORBA Security also uses the notion of permission groups, called rights families, to extend the number of permissions [Karjoth 2000]. A different approach is used in Windows 2000, where the object type field of an ACL entry specifies to which portion of an object it refers [Swift et al 2002].…”

Section: Access Control Listsmentioning

confidence: 99%

Access control with IBM Tivoli access manager

Karjoth

2003

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

Web presence has become a key consideration for the majority of companies and other organizations. Besides being an essential information delivery tool, the Web is increasingly being regarded as an extension of the organization itself, directly integrated with its operating processes. As this transformation takes place, security grows in importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication and access management, technologies that have begun to emerge in the commercial marketplace. This paper describes the Authorization Service provided by IBM Tivoli Access Manager for e-business (AM) and its use by AM family members as well as thirdparty applications. Policies are defined over a protected object namespace and stored in a database, which is managed via a management console and accessed through an Authorization API. The protected object namespace abstracts from heterogeneous systems and thus enables the definition of consistent policies and their centralized management. ACL inheritance and delegated management allow these policies to be managed efficiently. The Authorization API allows applications with their own access control requirements to decouple authorization logic from application logic. Policy checking can be externalized by using either a proxy that sits in front of the Web servers and application servers or a plug-in that examines the request. Thus, AM familiy members establish a single entry point to enforce enterprise policies that regulate access to corporate data.

show abstract

Improving the granularity of access control for Windows 2000

Cited by 18 publications

References 17 publications

An authorization scheme for version control systems

An authorization scheme for version control systems

Describing access control models as design patterns using roles

Access control with IBM Tivoli access manager

Contact Info

Product

Resources

About