• DocumentCode
    3314357
  • Title

    An authorization plan for commercial service systems

  • Author

    Yu, Che-Fn

  • Author_Institution
    GTE Labs. Inc., Waltham, MA, USA
  • fYear
    1990
  • fDate
    3-7 Dec 1990
  • Firstpage
    376
  • Lastpage
    383
  • Abstract
    Commercial service systems should allow customers to control their service configurations. The challenge is to make this feature feasible in such a way that the system is easy to administer while ensuring the security of both customer´s service and the control system itself. Simple security mechanisms, such as access control lists used in general-purpose computer systems, are insufficient for administration control and authority delegation in commercial service systems. The author proposes a security policy called an `authorization policy´ suitable for administration and authorization controls. This security policy is enforced through a unified protection mechanism called an `access control hierarchy´. The application of this access control hierarchy is demonstrated by examples
  • Keywords
    security of data; service industries; access control hierarchy; access control lists; administration control; authority delegation; authorization plan; authorization policy; commercial service systems; customer controlled configurations; security mechanisms; service configurations; unified protection mechanism; Access control; Application software; Authorization; Computer security; Control systems; Data security; Permission; Personnel; Protection; Telephony;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 1990., Proceedings of the Sixth Annual
  • Conference_Location
    Tucson, AZ
  • Print_ISBN
    0-8186-2105-2
  • Type

    conf

  • DOI
    10.1109/CSAC.1990.143812
  • Filename
    143812