Object Security Attributes: Enabling Application-specific Access Control in...
This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework...
View ArticleOfficial Requirements and Recommendations from Various Organizations on...
This report describes recommendations and official requirements from various organizations that guide architecture of CPR security at BHSSF.
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticleOverview of CORBA Security
Outline: • Introduction into computer security • Security in OO systems • CORBA security model overview • Application access control in CORBA • Resource Access Decision Facility • Further Information
View ArticlePerformance Considerations for a CORBA-based Application Authorization Service
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control...
View ArticlePreview: Mastering Web Services Security
This presentation gives an overview of the upcoming book on Mastering Web Services Security that I co-authored with my colleagues at Quadrasis.
View ArticleResource Access Decision Facility: Overview
Outline: • Why you need Resource Access Decision Facility • Main aspects of RAD specification design • Main design decisions made by RAD submission team
View ArticleResource Access Decision Server: Design and Performance Considerations
Presentation on the design and the conducted performance measurements of RAD server prototype built at CADSE. Outline: • Introduction • RAD Specification Overview • RAD Prototype Design • Performance...
View ArticleResource Names for Resource Access Decision (Facility)
Presentation given to the joint SecSIG/CORBAmed session on Resource Access Decision facility, as part of the presentation on the revised submission to the OMG Healthcare Resource Access Control RFP....
View ArticleSecurity Engineering for Large Scale Distributed Applications
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and...
View ArticleSecurity Engineering for Large Scale Distributed Applications
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and...
View ArticleSecurity Requirements in Healthcare
Presentation on requirements in US healthcare organizations to security vendors, given to the joint SecSIG/CORBAmed session. Outline: • Risks • Requirements – Security requirements to the healthcare...
View ArticleSPAPI: A Security and Protection Architecture for Physical Infrastructures...
In recent years, concerns about the safety and security of critical infrastructures have increased enormously. The se infrastructures can easily become subjects of physical and cyber attacks. In this...
View ArticleSupporting Relationships in Access Control Using Role Based Access Control
The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common...
View ArticleTaxonomy of CPR Enterprise Security Concerns at Baptist Health Systems of...
This document categorizes security concerns of Computerized Patient Record enterprise according to federal and Florida state legal requirements, as well as to the internal security policies of Baptist...
View ArticleToward Usable Security Administration
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances resources and users, complex and dynamic business...
View ArticleToward Usable Security Administration
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances resources and users, complex and dynamic business...
View ArticleTowards Agile Security Assurance
Agile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
View ArticleTowards Agile Security Assurance
Agile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
View ArticleTowards Agile Security Assurance
Agile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions...
View ArticleUpcoming OMG HealthCare Resource Access Control Facility
Outline: • CORBA in 5 minutes • CORBA security model • Why HRAC • HRAC concepts • HRAC framework design • Work status
View ArticleUpdate on Security Domain Membership RFP Proposal
Presentation explains structural design proposed by the SDMM proposal, as it was standing on December 2000.
View ArticleUsability of Security Administration vs. Usability of End-user Security
Having recently received increasing attention, usable security is implicitly all about the end user who employs a computer system to accomplish security-unrelated business or personal goals. However,...
View ArticleMultiple-Channel Security Model And Its Implementation Over SSL
Multiple-Channel SSL (MC-SSL) is a new model and protocol to secure client-server communication. In contrast to SSL, which provides a single end-to-end secure channel, MCSSL can provide applications...
View ArticleResource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View Article
