An Authorization Scheme For Distributed Object Systems

Oakland, CA May 04-May 07

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SECPRI.1997.601310

1997 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by V. Nicomette Articles by Y. Deswarte

	ASCII Text	x
	V. Nicomette, Y. Deswarte, "An Authorization Scheme For Distributed Object Systems," Security and Privacy, IEEE Symposium on, pp. 0021, 1997 IEEE Symposium on Security and Privacy, 1997.

	BibTex	x
	@article{ 10.1109/SECPRI.1997.601310, author = {V. Nicomette and Y. Deswarte}, title = {An Authorization Scheme For Distributed Object Systems}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {1997}, issn = {1540-7993}, pages = {0021}, doi = {http://doi.ieeecomputersociety.org/10.1109/SECPRI.1997.601310}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - An Authorization Scheme For Distributed Object Systems SN - 1540-7993 SP EP A1 - V. Nicomette, A1 - Y. Deswarte, PY - 1997 KW - authorization KW - protection KW - access rights KW - delegation KW - object model KW - multilevel security policy VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

V. Nicomette, LAAS-CNRS & INRIA

Y. Deswarte, LAAS-CNRS & INRIA

This paper addresses the problem of distributed object system protection. A new authorization scheme is presented and described. It is based on the collaboration between a central authorization server and security kernels located on each site of the system. A novel approach to access rights management for such an architecture is detailed: it is based on a new kind of access rights and a new scheme of privilege delegation. This authorization scheme can be adapted to various security policies, including multilevel policies such as Bell-LaPadula. An extension of the Bell-LaPadula model to distributed object systems is presented and its implementation using the authorization scheme is described.

Index Terms:

authorization, protection, access rights, delegation, object model, multilevel security policy

Citation:

V. Nicomette, Y. Deswarte, "An Authorization Scheme For Distributed Object Systems," sp, pp.0021, 1997 IEEE Symposium on Security and Privacy, 1997

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.