Coordinating Desired Accessibility Versus Desired Restrictions in Distributed Object Systems

Abstract

This work aims to provide administrators with services for managing permissions in a distributed object system, by connecting business-level tasks to access controls on low level functions. Specifically, the techniques connect abilities (to complete externally-invoked functions) to the access controls on individual functions, across all servers. Our main results are the problem formalization, plus algorithms to synthesize least privilege permissions for a given set of desired abilities. Desirable extensions and numerous research issues are identified.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2001
Accession Number
AD1125416

Entities

People

  • Arnon Rosenthal

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Algorithms
  • Commerce
  • Computer Access Control
  • Computer Programming
  • Computers
  • Control Systems
  • Database Management Systems
  • Databases
  • Engineering
  • Entry Control Systems
  • Failure Mode And Effect Analysis
  • Fault Tolerance
  • Guarantees
  • Language
  • Lead Time
  • Middleware
  • Operating Systems
  • Programming Languages
  • Security
  • System Software

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Organizational Process Management (OPM).
  • Robotics and Automation.