USENIX Technical Program - Abstract - Security Symposium 99
Scalable Access Control for Distributed Object Systems
Daniel F. Sterne, Gregg W. Tally, C. Durward McDonell, David L. Sherman, David L. Sames, Pierre X. Pasturel, NAI Labs, Network Associates, Inc.; and E. John Sebes, Kroll-O'Gara Information Security Group
A key obstacle to the widespread use of distributed object-oriented
systems is the lack of scalable access control mechanisms. It is often
necessary to control access to individual objects and methods. In large
systems, however, these can be so numerous that the resulting
proliferation of access control information becomes overwhelming. We
describe Object Oriented Domain and Type Enforcement (OO-DTE), a
technology for organizing, specifying, and enforcing access control that
has been prototyped and integrated with commercial ORBs and SSL. OO-DTE
provides fine-grained control and scalability via a compilable symbolic
policy language. We discuss our experience building and using OO-DTE and
compare OO-DTE with the access control terminology, concepts, and
requirements described in CORBA Security.