USENIX Conference Policies
Scalable Access Control for Distributed Object Systems
A key obstacle to the widespread use of distributed object oriented systems is the lack of scalable access control mechanisms. It is often necessary to control access to individual objects and methods. In large systems, however, these can be so numerous that the resulting proliferation of access control information becomes overwhelming. We describe Object Oriented Domain and Type Enforcement (OO-DTE), a technology for organizing, specifying, and enforcing access control that has been prototyped and integrated with commercial ORBs and SSL. OO-DTE provides fine-grained control and scalability via a compilable symbolic policy language. We discuss our experience building and using OO-DTE and compare OO-DTE with the access control terminology, concepts, and requirements described in CORBA Security.
author = {Daniel F. Sterne and Gregg W. Tally and C. Durward McDonell and David L. Sherman and David L. Sames and Pierre X. Pasturel and E. John Sebes},
title = {Scalable Access Control for Distributed Object Systems},
booktitle = {8th USENIX Security Symposium (USENIX Security 99)},
year = {1999},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/8th-usenix-security-symposium/scalable-access-control-distributed-object-systems},
publisher = {USENIX Association},
month = aug
}