Sciweavers

ACISP
1998
Springer

Meta Objects for Access Control: Role-Based Principals

14 years 3 months ago
Meta Objects for Access Control: Role-Based Principals
Abstract. Most current object-based distributed systems support access control lists for access control. However, it is difficult to determine which principal information to use for authentication of method calls. Domain-based and thread-based principals suffer from the problem of privileges being leaked. Malicious objects can trick privileged objects or threads to accidently use their privileges (UNIX s-bit problem). We introduce role-based principals to solve this problem. Each object reference may be associated with a role, which determines trust, authentication and permissible data flow via the reference. An object may act in different roles when interacting with different other parties. Exchanged references automatically inherit the role. By initially defining such roles, stablish a security policy on a very high abstraction level. Our security model is based on meta objects: principal meta objects provide principal information for method invocation, access control meta objects im...
Thomas Riechmann, Jürgen Kleinöder
Added 05 Aug 2010
Updated 05 Aug 2010
Type Conference
Year 1998
Where ACISP
Authors Thomas Riechmann, Jürgen Kleinöder
Comments (0)