Uniform Application-level Access Control Enforcement of Organizationwide Policies

Tucson, Arizona December 05-December 09

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.59

21st Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Tine Verhanneman Articles by Frank Piessens Articles by Bart De Win Articles by Wouter Joosen

	ASCII Text	x
	Tine Verhanneman, Frank Piessens, Bart De Win, Wouter Joosen, "Uniform Application-level Access Control Enforcement of Organizationwide Policies," Computer Security Applications Conference, Annual, pp. 431-440, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.59, author = {Tine Verhanneman and Frank Piessens and Bart De Win and Wouter Joosen}, title = {Uniform Application-level Access Control Enforcement of Organizationwide Policies}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {431-440}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.59}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Uniform Application-level Access Control Enforcement of Organizationwide Policies SN - 1063-9527 SP431 EP440 A1 - Tine Verhanneman, A1 - Frank Piessens, A1 - Bart De Win, A1 - Wouter Joosen, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Tine Verhanneman, Katholieke Universiteit Leuven

Frank Piessens, Katholieke Universiteit Leuven

Bart De Win, Katholieke Universiteit Leuven

Wouter Joosen, Katholieke Universiteit Leuven

Fine-grained and expressive access control policies on application resources need to be enforced in applicationlevel code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement.

To address this problem, the concept of an access interface is introduced as a contract between an organizationwide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced.

Citation:

Tine Verhanneman, Frank Piessens, Bart De Win, Wouter Joosen, "Uniform Application-level Access Control Enforcement of Organizationwide Policies," acsac, pp.431-440, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.