Analysis of ANSI RBAC Support in COM+

Saved in:
Bibliographic Details
Title: Analysis of ANSI RBAC Support in COM+
Authors: Darwish, Wesam1, Beznosov, Konstantin beznosov@ece.ubc.ca
Source: Computer Standards & Interfaces. Jun2010, Vol. 32 Issue 4, p197-214. 18p.
Subjects: COM (Computer architecture), Access control, Electronic data processing documentation, Computer operating systems, Data protection, Programming languages, Computer security, Algorithms
Abstract: Abstract: We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in COM+. We analyze the level of support for the American National Standard Institute''s (ANSI) specification of role-based access control (RBAC) components and functional specification in COM+. Our results indicate that COM+ falls short of supporting even Core RBAC. The main limitations exist due to the tight integration of the COM+ architecture with the underlying operating system, which prevents support for session management and role activation, as specified in ANSI RBAC. [Copyright &y& Elsevier]
Copyright of Computer Standards & Interfaces is the property of Elsevier B.V. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Description
Abstract:Abstract: We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in COM+. We analyze the level of support for the American National Standard Institute''s (ANSI) specification of role-based access control (RBAC) components and functional specification in COM+. Our results indicate that COM+ falls short of supporting even Core RBAC. The main limitations exist due to the tight integration of the COM+ architecture with the underlying operating system, which prevents support for session management and role activation, as specified in ANSI RBAC. [Copyright &y& Elsevier]
ISSN:09205489
DOI:10.1016/j.csi.2009.12.001