Tine Verhanneman, F. Piessens, Bart De Win, W. Joosen
{"title":"Uniform application-level access control enforcement of organizationwide policies","authors":"Tine Verhanneman, F. Piessens, Bart De Win, W. Joosen","doi":"10.1109/CSAC.2005.59","DOIUrl":null,"url":null,"abstract":"Fine-grained and expressive access control policies on application resources need to be enforced in application-level code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement. To address this problem, the concept of an access interface is introduced as a contract between an organization-wide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.59","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
Fine-grained and expressive access control policies on application resources need to be enforced in application-level code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement. To address this problem, the concept of an access interface is introduced as a contract between an organization-wide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
