| Author(s) |
Evered, Mark Peter
|
| Publication Date |
2002
|
| Abstract |
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Research systems based on capabilities provide a more secure mechanism but also fail to support more flexible security constraints such as parameter restrictions, logging and state-dependent access. They also fail to enforce a strict need-to-know view of a persistent object for each user. In this paper we present the concept of bracket capabilities as a new, simple security mechanism which fulfils these requirements. We discuss the reasons for integrating bracketing and view types at a fundamental level of the security mechanism. We demonstrate the use of the mechanism in a simple Ecommerce environment to provide secure electronic cheques and describe a prototype implementation of the mechanism in middleware for secure, distributed Java applications.
|
| Citation |
Computer Science 2002: Proceedings of the Twenty-Fifth Australasian Computer Science Conference (ACSC2002), v.7, p. 51-58
|
| ISBN |
0909925828
|
| Link | |
| Language |
en
|
| Publisher |
Australian Computer Society (ACS)
|
| Title |
Bracket Capabilities for Distributed Systems Security
|
| Type of document |
Conference Publication
|
| Entity Type |
Publication
|
| Name | Size | format | Description | Link |
|---|