Uniform application-level access control enforcement of organizationwide policies

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2005, Issue , 2005, Pages 431-440

  Verhanneman, Tine ^a   Piessens, Frank ^a   De Win, Bart ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; AUTHORIZATION ENGINES; CENTRAL MANAGEMENT;

INFORMATION SERVICES; INTERFACES (COMPUTER); PROBLEM SOLVING; SEARCH ENGINES; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

CODES (SYMBOLS);

EID: 33746100395     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2005.59     Document Type: Conference Paper

References (28)

1. R. J. Anderson. A security policy model for clinical information systems. In SP '96: Proceedings of the 1996 IEEE Symposium on Security and Privacy, page 30, Washington, DC, USA, 1996. IEEE Computer Society.
2. D. Basin, J. Doser, and T. Lodderstedt. Model driven security for process-oriented systems. In SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies, pages 100-109, New York, NY, USA, 2003. ACM Press.
3. K. Beznosov. Engineering Access Control for Distributed Enterprise Applications. PhD thesis, Florida International University, July 2000.
4. K. Beznosov. Access Control Mechanisms in Commercial Middleware, June 2002. tutorial at SACMAT'02.
5. K. Beznosov. Object Security Attributes: Enabling Application-Specific Access Control in Middleware. In DOA'02: 4th International Symposium on Distributed Objects & Applications, pages 693-710, London, UK, October 2002. Springer-Verlag.
6. K. Beznosov, Y. Deng, B. Blakley, C. Burt, and J. Barkley. A Resource Access Decision Service for CORBA-based Distributed Systems. In ACSAC '99: 15th Annual Computer Security Applications Conference, pages 310-319, 1999.
7. S. Bodoff, D. Green, K. Haase, E. Jendrock, M. Pawlan, and B. Stearns. The J2EE tutorial. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2002.
8. G. Brose. Manageable access control for CORBA. Journal of Computer Security, 10(4):301-337, 2002.
9. D. Crawford. Communications of the ACM, volume 44. ACM Press, New York, NY, USA.
10. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder Policy Specification Language. LNCS, 1995:18-28, 2001.
11. B. De Win, W. Joosen, and F. Piessens. Developing secure applications through aspect-oriented programming. In R. E. Filman, T. Elrad, S. Clarke, and M. Akşit, editors, Aspect-Oriented Software Development, pages 633-650. Addison-Wesley, Boston, 2005.
12. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3):224-274, 2001.
13. R. E. Filman and D. P. Friedman. Aspect-Oriented Programming is Quantification and Obliviousness, October 2000. Workshop on Advanced Separation of Concerns, OOPSLA 2000.
14. ISO. Information technology - open systems interconnection - security framework for open systems: access control framework. ISO/IEC 10181-3 (ITU-T X.812).
15. S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214-260, 2001.
16. G. Karjoth. Access control with IBM Tivoli access manager. ACM Trans. Inf. Syst. Secur., 6(2):232-257, 2003.
17. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst., 10(4):265-310, 1992.
18. U. Z. Leuven. Leuvense Internet Samenwerking Artsen (LISA). www.uzleuven.be/UZroot/content/Zorgverleners/login/lisa/ (dutch).
19. S. Middleton, J. Barnett, and D. Reeves. What is an integrated care pathway? What is ...? series, 3(3), 2003. http://www.evidence- basedmedicine.co.uk/What.is.series.html.
20. OASIS. Core Specification: eXtensible Access Control Markup Language (XACML) Version 2.0.
21. Object Management Group. OMG Model Driven Architecture. http://www.omg.org/mda/.
22. H. Ossher and P. Tarr. Using multidimensional separation of concerns to (re) shape evolving software. Commun. ACM, 44(10):43-50, 2001.
23. R. Pawlak, L. Seinturier, L. Duchien, and G. Florin. JAC: A Flexible Framework for AOP in Java. In Reflection'01, volume 2192 of Lecture Notes in Computer Science, pages 1-24. Springer-Verlag, September 2001.
24. Secretary of the Department of Health and Human Services. Final Privacy Rule, August 2002.
25. Secretary of the Department of Health and Human Services. Final Security Rule, February 2002.
26. E. Song, R. Reddy, R. France, I. Ray, G. Georg, and R. Alexander. Verifiable composition of access control and application features. In SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies, pages 120-129, New York, NY, USA, 2005. ACM Press.
27. Sun Microsystems. Java Authorization Contract for Containers, final release, November 2003. JSR-115.
28. B. Van den Bosch. The design and the development of the hospital information system of the U.Z. Leuven. PhD thesis, Katholieke Universiteit Leuven, 1996.