Abstract
This paper describes a new access control scheme for distributed object-oriented systems. This scheme defines new access rights, called symbolic rights, that control the authorization to perform high-level operations involving several objects. We present these new access rights and give an example of their usefulness.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nicomette, V., Deswarte, Y. (1996). Symbolic rights and vouchers for access control in distributed object systems. In: Jaffar, J., Yap, R.H.C. (eds) Concurrency and Parallelism, Programming, Networking, and Security. ASIAN 1996. Lecture Notes in Computer Science, vol 1179. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0027792
DOI: https://doi.org/10.1007/BFb0027792
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62031-0
Online ISBN: 978-3-540-49626-7
eBook Packages: Springer Book Archive