
CADSE workshop this Friday 4PM in ECS 212



This is to announce the CADSE workshop that will be held this Friday (4/7/00) in ECS 212
from 4:00 PM to 5 PM. The main part of the workshop is a presentation entitled 

"Architecture-Based Separation of Authorization and Application Logic in
Distributed Systems"

The following is the presentation abstract:

Security is an essential feature and foremost concern to enterprise software
systems. Today, application-level access control (and other security) functions
are based on complex, fine-grain and/or context-dependent policies, and thus are
largely embedded in application systems. This results in multiple-point security
control, which makes system integration and security administration tremendously
difficult, costly and error-prone. 

In this talk, we present our ongoing effort to address the above problems and to
achieve the objectives of application access control by integrating the latest
results in distributed object technology and software security under an
architecture-centered approach for system composition. The main direction of our
approach is the development of an open, adaptive and application-independent
distributed authorization service based on emerging middleware standards such as
CORBA. The service provides authorization decisions to distributed application
systems. It establishes the structural basis for system composition, and for
ensuring overall performance, availability and reliability of enterprise-wide
authorization services. The use of an external authorization service promises
to overcome most of the drawbacks of coupling authorization logic with
application logic. The same approach might be generalized and applied to other
security properties of distributed application systems. However, several
important questions have to be addressed before the approach could be
considered viable.

We expect the study to show (1) if the architectural separation of functional
and nonfunctional system properties is viable for contemporary distributed
computing technologies in general, and (2) if authorization logic can be
effectively decoupled from application logic in particular. The research has
direct implications on the practice of constructing distributed application
systems.

We will describe an approach for separation of application logic from
authorization logic, report on the initial results of the performance
measurements for a prototype system developed at the center, and discuss the
state of our research and the future work. 
----------------------------------

Konstantin Beznosov