Security Engineering for Roles and Resources in a Distributed Environment

One critical challenge to security for distributed applications (which consist of legacy, COTS, databases, clients, etc.) is managing access to available resources (and their APIs). An engineered solution is critical to insure that clients are restricted to select portions of resource APIs at different times and under specific conditions. This work offers a constraint-based role security model and enforcement framework for authentication, authorization, enforcement, and policy realization of distributed applications. Our approach utilizes middleware (e.g. CORBA and /or JINI), to federate users and their resources (e.g., APIs of Legacy, COTS, and databases) into a securely engineered solution that attains fine-grained security via permissions placed against resource APIs (methods) constrained by time and data values as defined for individual user roles. This allows the realization of a flexible security policy and provides the users with assurance. In this paper, we present a formal constraint-based role security model and corresponding enforcement framework (with prototype) that can serve as a strong basis for the security engineering of applications such as the Dynamic Coalition Problem.