Abstract
Integration of security and object-oriented techniques is critical for the successful deployment of distributed object systems. In December of 1995, the Object Management Group published a security service specification called CORBA Security to handle security in object systems that conform to the Object Management Architecture. This paper provides a rigorous definition of the authorization part of CORBA Security. Its semantics is given in terms of an access control matrix. The dependencies among the authorization elements are analyzed and possible interpretations for access control decision functions are given. The expressivity of the authorization model to define a wide range of policies, in particular mandatory access control, is discussed.
© 1998 Springer-Verlag Berlin Heidelberg
Cite this paper
Karjoth, G. (1998). Authorization in CORBA security. In: Quisquater, JJ., Deswarte, Y., Meadows, C., Gollmann, D. (eds) Computer Security — ESORICS 98. ESORICS 1998. Lecture Notes in Computer Science, vol 1485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055861
DOI: https://doi.org/10.1007/BFb0055861
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65004-1
Online ISBN: 978-3-540-49784-4
eBook Packages: Springer Book Archive