论文信息 - Model driven security: unification of authorization models for fine-grain access control

Model driven security: unification of authorization models for fine-grain access control

The research vision of the Unified Component Meta Model Framework (Uniframe) is to develop infrastructure for components that enables a plug and play component environment where the security contracts are a part of the component description and the security aware middleware is generated by the component integration toolkits. That is, the component providers will define security contracts in addition to the functional contracts. These security contracts will be used to analyze the ability of a service to meet the security constraints when used in a composition of components. A difficulty in progressing the security related aspects of this infrastructure is the lack of a unified access control model that can be leveraged to identify protected resources and access control points at the model level. Existing component technologies utilize various mechanisms for specifying security constraints. This paper will explore issues related to expressing access control requirements of components and the resources they manage. It proposes a platform independent model (PIM) for the access control that can be leveraged to parameterize domain models. It also outlines the analysis necessary to progress a standard transformation from this PIM to three existing platform specific models (PSMs).

[1] E. F. Michiels,et al. ISO/IEC 10181-4:1995 Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework , 1996 .

[2] Yi Deng,et al. A resource access decision service for CORBA-based distributed systems , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[3] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[4] Rajeev R. Raje,et al. A Unified Approach for the Integration of Distributed Heterogeneous Software Components , 2001 .

[5] M. Auguston,et al. Quality of Service ( QoS ) Standards for Model Driven Architecture , 2002 .

[6] Rajeev R. Raje,et al. Quality of service issues related to transforming platform independent models to platform specific models , 2002, Proceedings. Sixth International Enterprise Distributed Object Computing.

[7] Mark Johnson,et al. Designing Enterprise Applications with the J2EE¿ Platform , 2002 .

[8] Rajeev R. Raje,et al. Quality of Service (QoS) Standards for Model Driven Architecture 1 , 2002 .

[9] Von Welch,et al. Fine-Grain Authorization for Resource Management in the Grid Environment , 2002, GRID.

[10] Rajeev R. Raje,et al. Formal Methods for Quality of Service Analysis in Component-Based Distributed Computing , 2004, Trans. SDPS.