Corpus ID: 14016228

A Large-scale System Authorization Scheme Proposal Integrating Java, CORBA and Web Security Models and a Discretionary Prototype

@inproceedings{Westphall1999ALS,
  title={A Large-scale System Authorization Scheme Proposal Integrating Java, CORBA and Web Security Models and a Discretionary Prototype},
  author={Carla Merkle Westphall and Joni da Silva Fraga},
  booktitle={LANOMS},
  year={1999}
}
This paper presents an authorization scheme for large-scale networks that involves programming models and tools represented by Web, Java and CORBA. The authorization scheme is based on structures and concepts introduced in Web, Java and CORBA for security. A discretionary prototype is presented here, where the solutions adopted involving a concrete scheme are discussed. This scheme was developed in order to simplify authorization policy implementation in these systems. These policies are based… Expand
Policap-Proposal, Development and Evaluation of a Policy. Service and Capabilities for CORBA Security
TLDR
In this paper, operations of security management not currently included in the OMG standards are also proposed and an evaluation of these results based on Common Criteria, ISO standard 15408 are presented. Expand
A Model for Integrating Security Technologies on JaCoWeb Authorization Scheme
An integration of SSL and JacORB, according to the CORBA securit y model – which does not affect the functionality and characteristics of the ORB, is presented in this paper. The project andExpand
Adapting the UCON_ABC Usage Control Policies on CORBASec Infrastructure
TLDR
The JaCoWeb-ABC infrastructure is an extension of the CORBASec specification that applies the UCONABC access control model to its security layer, making it possible to block access in case inappropriate behavior is identified. Expand
Support for ANSI RBAC in CORBA
TLDR
A framework for implementing and assessing implementations of ANSI RBAC using CORBA Security is set up, directions for CORba Security implementing ANSIRBAC in their systems are provided, and criteria to users for selecting these CORBA security implementations that support required and optional components of AN SI RBAC are offered. Expand
Analysis of ANSI RBAC support in commercial middleware
TLDR
This thesis establishes a framework for assessing implementations of ANSI RBAC in the analyzed middleware technologies and suggests algorithms that define the semantics of authorization decisions in CORBA, EJB, and COM+. Expand
Analysis of ANSI RBAC Support in COM+
TLDR
It is indicated that COM+ falls short of supporting even Core RBAC, and an algorithm is suggested that formally specifies the semantics of authorization decisions in COM+. Expand
Analysis of ANSI RBAC Support in EJB
TLDR
This paper analyzes access control mechanisms of the Enterprise Java Beans EJB architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than theEJB 3.0 standard, and suggests an algorithm that formally specifies the semantics of authorization decisions in EJB. Expand
Controle de Acesso Baseado em Pap´ eis para o Modelo CORBA de Seguranca
This paper shows how role-based access control (RBAC) models can be implemented in distributed object-based systems that follow OMG/CORBA standards. We introduce a novel approach that allowsExpand

References

SHOWING 1-10 OF 26 REFERENCES
Authorization in CORBA Security
TLDR
This paper provides a rigorous definition of the authorization part of CORBA Security in terms of an access control matrix and the expressivity of the authorize model to define a wide range of policies, in particular mandatory access control. Expand
A framework for implementing role-based access control using CORBA security service
TLDR
The paper shows how role-based access control (RBAC) models could be implemented using CORBA security service and describes what is required from an implementation of CORBA Security service in order to support RBAC0RBAC3 models. Expand
Integrating security in CORBA based object architectures
TLDR
A distributed security architecture for incorporation into object oriented distributed computing systems, and in particular, into OMG's CORBA based object architectures, to make CORBA resilient to both component failures and malicious attacks. Expand
Web Security Sourcebook
TLDR
This book discusses basic Browser Security and User Privacy, as well as Transaction Security and the Web, and creating Secure CGI Scripts for Secure Web Commerce. Expand
Programming languages for mobile code
TLDR
This study describes several classes of mobile code and extracts their common characteristics, where security proves to be one of the major concerns. Expand
OrbixWeb Programmer’s Guide
  • IONA Technologies, 1997.
  • 1997
Security Service:v1.2 Final
  • OMG Document Number 98-01-02, Nov. 1998.
  • 1998
Authorization Schemes for Distributed Programming based on Java/CORBA/Web Security Models
  • Doctor Exam, LCMI-UFSC, Certificate no. 165.863, book 277, page 4, Rio de Janeiro, Brazil, Aug. 1998.
  • 1998
Authorization Schemes for Distributed Programming based on Java/CORBA/Web Security Models Doctor Exam, LCMI-UFSC, Certificate no. 165
  • Authorization Schemes for Distributed Programming based on Java/CORBA/Web Security Models Doctor Exam, LCMI-UFSC, Certificate no. 165
  • 1998
Current State of CORBA Security in Practice – CORBA Security Service Implementations and other CORBA Security Products
  • University of Cambridge – Computer Laboratory, 1998.
  • 1998
...
1
2
3
...