Object Security Attributes: Enabling Application-Specific Access Control in Middleware

Beznosov, Konstantin

doi:10.1007/3-540-36124-3_47

Cited by 11 publications

(15 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As it was argued in [2], the use of target attributes reduces the need for mixing authorization and other security logic with business logic. These application-specific attributes and the mechanism for obtaining them at run time are directly based on the prior work on Attribute Function [2,18].…”

Section: Permission Constructionmentioning

confidence: 99%

“…These application-specific attributes and the mechanism for obtaining them at run time are directly based on the prior work on Attribute Function [2,18]. The extensible retrieval mechanism is designed as a replaceable TargetAttributeRetriever interface, with a simple implementation provided by the architecture implementation.…”

Section: Permission Constructionmentioning

confidence: 99%

“…The architecture's flexibility and extensibility have been achieved through a component-based design that follows the architectural styles of RAD [4,5,17] and Attribute Function [2]. This architecture has been implemented in a real-world security solution.…”

Section: Conclusion and Acknowledgementmentioning

confidence: 99%

“…These properties were achieved via 1. separating custom SOAP [21] extension modules, which act as ASP.NET-specific A&A enforcement logic, from the A&A decision logic; 2. following Resource Access Decision (RAD) architecture style [4,5,17], which, through the decomposition of the authorization engine into components, makes the customization of access control decision logic easier and avoids the need for a generic policy evaluation engine; 3. taking advantage of the extensibility, inheritance, and caching features of ASP.NET web.config configuration mechanism; and 4. separating the logic of retrieving attributes from the authorization and business logic by following the Attribute Function (AF) approach [2]. Although this paper discusses the design of a protection architecture for Web services, we believe that our approach and design decisions could be useful in a broader context of component-based protection sub-systems for distributed applications.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services

Beznosov

2005

Component-Based Software Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET container security mechanisms render them inadequate for hosting enterprise-scale applications that have to be protected according to diverse and/or complex applicationspecific security policies. In this paper we report on our experience of designing and implementing a component-based architecture for protecting enterprisegrade Web service applications hosted by ASP.NET. Due to its flexibility and extensibility, this architecture enables the integration of ASP.NET into the organizational security infrastructure with less effort by Web service developers. The architecture has been implemented in a real-world security solution. This paper also contributes a best practice on constructing flexible and extensible authentication and authorization logic for Web services by using Resource Access Decision and Attribute Function (AF) architectural styles. Furthermore, the lessons learned from our design and implementation experiences are discussed throughout the paper.

show abstract

Section: Permission Constructionmentioning

confidence: 99%

Section: Permission Constructionmentioning

confidence: 99%

Section: Conclusion and Acknowledgementmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services

Beznosov

2005

Component-Based Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…The use of target attributes reduces the need for mixing authorization and other security logic with business logic. These applicationspecific attributes and the mechanism for obtaining them are directly based on our prior work on Attribute Function (AF) [33,34], overview of which is provided in Appendix B. 4.…”

Section: Adaptable Information For Authorization Decisionsmentioning

confidence: 99%

Here’s Your LegoTM Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need

Beznosov¹

2005

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Security Maintenance Mediation: a technology for preventing unintended security breaches

King

2003

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYWeb-resident information is becoming 'smarter', in the sense that emerging technology will support the annotation of it with ontological terms, which will be used to locate and reuse information. This will pose a great security risk in the form of unintended breaches (as distinct from deliberate invasions). Web-resident information will be far more readily available and relevant, thus causing inadvertent releases of secure information to potentially cause it to be diffusely spread across the Internet. Then as this information is iteratively transformed and integrated with other information, it will become irretrievable and potentially used in a myriad of unpredictable ways. The problem is that ontological annotations, while making information more understandable in its original form, do not provide a means for easily capturing the complex semantics of information that has been transformed via abstraction, aggregation, and integration. This demands the development of a semantically rich way of specifying 'views' of Web information, to which security controls can be attached. Also needed is a way for users of secure information to easily and voluntarily blend-and thereby propagate-security controls as information is transformed. Information mediators designed by collaborative teams of experts are proposed as the vehicle for wrapping information, so that at each step of reuse, high-level views and their corresponding integrity controls can be made easily accessible to trusted users who will then be able to ensure their proper maintenance.

show abstract

Object Security Attributes: Enabling Application-Specific Access Control in Middleware

Cited by 11 publications

References 12 publications

Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services

Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services

Here’s Your LegoTM Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need

Security Maintenance Mediation: a technology for preventing unintended security breaches

Contact Info

Product

Resources

About