Title :
Uniform application-level access control enforcement of organizationwide policies
Author :
Verhanneman, Tine ; Piessens, Frank ; De Win, Bart ; Joosen, Wouter
Author_Institution :
Dept. of Comput. Sci., Katholieke Univ. Leuven
Abstract :
Fine-grained and expressive access control policies on application resources need to be enforced in application-level code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement. To address this problem, the concept of an access interface is introduced as a contract between an organization-wide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced
Keywords :
authorisation; user interfaces; access interface; application resources; application-level code; authorization engine; organizationwide policies; uniform application-level access control; Access control; Application software; Authorization; Computer science; Connectors; Contracts; Engines; Medical services; Prototypes; Security;
Conference_Title :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.59