Title :
An authorization scheme for distributed object systems
Author :
Nicomette, V. ; Deswart, Y.
Author_Institution :
Lab. d´´Autom. et d´´Anal. des Syst., CNRS, Toulouse, France
Abstract :
Addresses the problem of distributed object system protection. A new authorization scheme is presented and described, based on the collaboration between a central authorization server and security kernels located on each site of the system. A novel approach to access rights management for such an architecture is detailed, based on a new kind of access rights and a new scheme of privilege delegation. This authorization scheme can be adapted to various security policies, including multilevel policies such as that of Bell & LaPadula (1975). An extension of the Bell-LaPadula model to distributed object systems is presented and its implementation using the authorization scheme is described
Keywords :
authorisation; distributed processing; network servers; object-oriented programming; Bell-LaPadula model; access rights management; authorization scheme; central authorization server; distributed object systems; multilevel policies; privilege delegation; security kernels; security policies; system protection; Authorization; Books; Collaboration; Containers; File servers; Kernel; Monitoring; Permission; Protection; Utility programs;
Conference_Titel :
Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7828-3
DOI :
10.1109/SECPRI.1997.601310
