Mandatory Security Policies for CORBA Security Model

This paper proposes extending the CORBA (Common Object Request Broker Architecture) security model to make possible the use of mandatory policies in distributed applications. The Bell & Lapadula model is adopted to define the mandatory controls in the authorization scheme JaCoWeb, through a policy service designated as PoliCap. Our mandatory control is carried out on the level of ORB (Object Request Broker), on the client side, preventing, in unauthorized accesses, the emission of the corresponding requisition, the associated processing on the server and also, the generation of new requests through this unauthorized processing.

[1]  Carl E. Landwehr,et al.  A security model for military message systems , 1984, TOCS.

[2]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[3]  Jonathan K. Millen,et al.  Security for object-oriented database systems , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  Yves Deswarte,et al.  An authorization scheme for distributed object systems , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[5]  Günter Karjoth Authorization in CORBA Security , 2000, J. Comput. Secur..

[6]  John McLean,et al.  Reasoning About Security Models , 1987, 1987 IEEE Symposium on Security and Privacy.

[7]  Carl E. Landwehr,et al.  Formal Models for Computer Security , 1981, CSUR.

[8]  John P. L. Woodward Exploiting the Dual Nature of Sensitivity Labels , 1987, 1987 IEEE Symposium on Security and Privacy.

[9]  Sushil Jajodia,et al.  Integrating an object-oriented data model with multilevel security , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.