Fine-Grained Access Control in a Transactional Object-Oriented System

نویسندگان

  • Luis-Felipe Cabrera
  • Allen Luniewski
  • James W. Stamos
چکیده

tüe believe that access controls for object-oriented systems should be fine-grained and thus apply to individual methods of individual objects. The efficient support of fine-grained access control is challenging because a check is done on every method invo-cation. rüe present a design that uses access control lists (ACLs) and exploits virtual memory facilities to make these checks run fast. The costs include an extra level of indirection for method invocation and per-user storage for preprocessed access control information. Given a choice between immediacy of revocation and serializability of transactions, we selected a compromise that uses a nested top-level transaction for each invocation of an ACL method.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Fine-Grained Access Control with Object-Sensitive Roles

Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional ...

متن کامل

Role Slices and Runtime Permissions: Improving an AOP-based access control schema

In this paper, we present several issues that need to be addressed to incorporate dynamic permissions –permissions depending on runtime elements– into our current approach to model access control: the role slice. We summarize four tasks that conforms to our future research directions: extending the role-slice artifact to represent permissions based on runtime elements; refining the rules that r...

متن کامل

A Declarative Fine-grained Role-based Access Control Model and Mechanism for the Web Application Domain

Access control policies such as role-based access control (RBAC) enforce desirable security properties, in particular for Web-based applications with many different users. A fine-grained RBAC model gives the developers of such systems more customization and administrative power to control access to fine-granular elements such as individual cells of a table. However, the definition and deploymen...

متن کامل

Scalable Access Control for Distributed Object Systems

A key obstacle to the widespread use of distributed object oriented systems is the lack of scalable access control mechanisms. It is often necessary to control access to individual objects and methods. In large systems, however, these can be so numerous that the resulting proliferation of access control information becomes overwhelming. We describe Object Oriented Domain and Type Enforcement (O...

متن کامل

Transacting Pointer-based Accesses in an Object-based Software Transactional Memory System

Software transactional memory (STM) systems for objectoriented languages that allow relocating garbage collection (such as languages for the .NET platform, or Java) must decide how transactional metadata (i.e., fine-grained locks) is associated with objects. An obvious approach is to locate this metadata with the object, and move it when the object is moved. This approach becomes complicated if...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Computing Systems

دوره 5  شماره 

صفحات  -

تاریخ انتشار 1992