5th European Symposium on Research in Computer Security (ESORICS 98)

Authorization in CORBA Security

Günter Karjoth

Keywords: authorization, object access control, CORBA, distributed object systems

Abstract: Integration of security and object-oriented techniques is critical for the successful deployment of distributed object systems. In December of 1995, the Object Management Group published a security service specification called CORBA Security to handle security in object systems that conform to the Object Management Architecture. This paper provides a rigorous definition of the authorization part of CORBA Security. Its semantics is given in terms of an access control matrix. The dependencies among the authorization elements are analyzed and possible interpretations for access control decision functions are given. The expressivity of the authorization model to define a wide range of policies, in particular mandatory access control, is discussed.

(Pages 143-158)

