Meta objects for access control: Role-based principals

  • Conference paper
Information Security and Privacy (ACISP 1998)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1438))

Abstract

Most current object-based distributed systems support access control lists for access control. However, it is difficult to determine which principal information to use for authentication of method calls. Domain-based and thread-based principals suffer from the problem of privileges being leaked. Malicious objects can trick privileged objects or threads into accidentally using their privileges (the UNIX s-bit problem). We introduce role-based principals to solve this problem. Each object reference may be associated with a role, which determines trust, authentication and permissible data flow via the reference. An object may act in different roles when interacting with different parties. Exchanged references automatically inherit the role. By initially defining such roles, we can establish a security policy on a very high abstraction level. Our security model is based on meta objects: principal meta objects provide principal information for method invocation, and access control meta objects implement access checks.

This work is supported by the Deutsche Forschungsgemeinschaft DFG Grant Sonderforschungsbereich SFB 182, Project B2.

Editor information

Colin Boyd, Ed Dawson

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Riechmann, T., Kleinöder, J. (1998). Meta objects for access control: Role-based principals. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053742

  • DOI: https://doi.org/10.1007/BFb0053742

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64732-4

  • Online ISBN: 978-3-540-69101-3

  • eBook Packages: Springer Book Archive
