Security, Authorization, and Authentication for Enterprise Computing

Enterprise computing (EC) is the recognition that, to effectively utilize and disseminate information within an entity (university, corporation, government agency, etc.), it will be necessary to design and develop integrated distributed computing environments that allow all types of existing and future systems to interoperate. In EC, there are legacy, COTS, database, and new client/server applications that all must interact to facilitate both peacetime and wartime communications among personnel at varying locations (e.g., divisions, battalions, brigades, companies, platoons, Pentagon, etc.). When all of the diverse components that comprise EC applications (ECA) are linked, security becomes an important issue, to ensure that individuals have access only to the right information at the appropriate time. This paper details security, authorization, and authentication for enterprise computing. The paper's intent is to begin to answer the important questions: What are the major and underlying security concepts for enterprise computing? What are the security requirements for ECA? What are the available approaches to security for enterprise computing and its applications?
