Flooding and Recycling Authorizations
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers...
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticleExperience Report: Design and Implementation of a Component-Based Protection...
This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET...
View ArticleCITI Fault Report Classification and Encoding for Vulnerability and Risk...
Effective functionalities of many of the critical infrastructures depend on Communication and Information Technology Infrastructure (CITI). As such, any fault in CITI can disrupt the operation of these...
View ArticleAccountability and Availability
Learning objectives: Comprehend the principles of security accountability and availability. Overview: Key principles of security accountability and availability are outlined and applied to application...
View ArticleA Framework for Implementing Role-based Access Control Using CORBA Security...
The paper shows how role-based access control (RBAC) models could be implemented using CORBA Security service. A configuration of CORBA protection system is defined. We provide definitions of RBAC0 and...
View ArticleA Design of An Authorization Service
Outline: • CORBA security model • What CORBA Access Model does[ not] Cover • Healthcare Resource Access Control (H-RAC) high level view • Authorization Service framework design details
View ArticleA Framework for Implementing Role-based Access Control Using CORBA Security...
The presentation shows how role-based access control (RBAC) models could be implemented using CORBA Security service. A configuration of CORBA protection system is defined. We provide definitions of...
View ArticleA Framework for Implementing Role-based Access Control Using CORBA Security...
The presentation shows how role-based access control (RBAC) models could be implemented using CORBA Security service. A configuration of CORBA protection system is defined. We provide definitions of...
View ArticleA Resource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleA Study of Three Workstation-Server Architectures for Object Oriented...
It presents a paper by David DeWitt, et al \"A Study of Three Workstation-Server Architectures for Object Oriented Database Systems\".
View ArticleAccess Control
Learning objectives: Comprehend the principles behind access control mechanisms used in today\\\\\\\'s: * operating systems, * middleware, * virtual machines. Overview: In this module, the principles...
View ArticleAccess Control Architectures: COM+ vs. EJB
This tutorial provides an overview of access control mechanisms in two most popular commercial middleware technologies, COM+ and EJB. Three main aspects of the mechanisms are explained: a) how...
View ArticleSupporting end-to-end Security Across Proxies with Multiple-Channel SSL
Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure...
View ArticleAn Overview of The Ongoing Research at LERSSE
This presentation provides an overview of the research projects undergoing at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).
View ArticleAnalysis of Scalable Security – MC-SSL Savings
This paper investigates how MC-SSL can alleviate the CPU requirements of secure web transactions by using multiple channels, each with its own, different, cipher suite, and switching the channel based...
View ArticleApplicability of CORBA Security to the Healthcare Problem Domain
This paper suggests directions OMG Healthcare Domain Task Force (CORBAmed) could take in proposing OMG standards related to security in the healthcare vertical domain. The ideas are based on the...
View ArticleApplying Aspect-Orientation in Designing Security Systems: A Case Study
As a security policy model evolves, the design of security systems using that model could become increasingly complicated. It is necessary to come up with an approach to guide the development, reuse...
View Article
