Flooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticleA Resource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleDesign and Implementation of Resource Access Decision Server
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible to implement...
View ArticleEngineering Application-level Access Control in Distributed Systems
This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. It reviews application-level access control available in...
View ArticleFlooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...
View ArticleJAMES: Junk Authorizations for Massive-scale Enterprise Services
The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the...
View ArticleMethod and System for Authorization and Access to Protected Resources
The present invention relates to the access of data resources using a Resource Access Decision Facility (RAD), preferably a CORBA RAD. More particularly, embodiments of the present invention provide...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework...
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticlePerformance Considerations for a CORBA-based Application Authorization Service
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control...
View ArticleResource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleThe Secondary and Approximate Authorization Model and its Application to...
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. Our secondary and approximate authorization model (SAAM) defines the...
View ArticleCooperative Secondary Authorization Recycling
As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges. Conventional request-response authorization architectures...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleProceedings of the Second EECE 512 Mini-Conference on Computer Security
The proceedings of the second mini-conference of the EECE 512 course on Topics in Computer Security include four papers: 1. "Controlling Access to Resources Within The Python Interpreter" by Brett...
View Article
