Network and Distributed System Security, Symposium on (1996)
San Diego, CA
Feb. 22, 1996 to Feb. 23, 1996
Nicholas Yialelis, Department of Computing, Imperial College, London SW7 2BZ, United Kingdom
Morris Sloman, Department of Computing, Imperial College, London SW7 2BZ, United Kingdom
This paper describes a security framework for object-based distributed systems which is being developed in the CORBA-compliant Orbix™ environment. This framework allows the development of secure distributed applications on existing operating systems that do not support distributed security. The design aims at making the authentication and access control mechanisms transparent to the application level and supporting access control policies specified using the concept of the management domain. This concept has been developed as a means of specifying policies in terms of groups of objects. The description focuses on how the Access Control List paradigm is combined with pseudo capabilities which are used as hints to improve the time-efficiency of the access control decision mechanism. The protocols to support the (cascaded) delegation of access rights to agents acting on behalf of a grantor are explained. A brief description of the authentication mechanism is also given.
access control, authentication, certificates, delegation, management domain, security architecture, security policy
M. Sloman and N. Yialelis, "A Security Framework Supporting Domain Based Access Control in Distributed Systems," Network and Distributed System Security, Symposium on (SNDSS), San Diego, CA, 1996, pp. 26.