University of Iowa homepage
 

Fine-Grained Access Control with Object-Sensitive Roles

Prof. Todd Millstein
UCLA

Friday, Sep 25, 2009
4:00-5:00pm, 140 SH (Schaeffer Hall)

Abstract

Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases, though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java's Enterprise Edition rely solely on dynamic checks, which makes application code fragile and makes it difficult to ensure that the code is correct.

We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We define a dependent type system that statically validates a program's conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.
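The gap the abstract describes, as an added runtime sketch that is not code from the talk, ORBAC, or OpenMRS: a role-name check lets any doctor update any record, while a role parameterized by the record's patient does not. All class, method and identifier names are hypothetical, and the static type system from the talk is not reproduced; this only shows the dynamic check it would validate.

```java
import java.util.Set;

public class ObjectSensitiveRoleSketch {
    // Hypothetical role: a name plus the business-object property it is
    // parameterized by (here, the id of the patient the doctor treats).
    record Role(String name, String patientId) {}

    record User(String name, Set<Role> roles) {}

    record PatientRecord(String patientId, StringBuilder notes) {}

    // Traditional RBAC: the check asks only "is the caller a Doctor?".
    static void updateCoarse(User u, PatientRecord r, String note) {
        boolean isDoctor = u.roles().stream()
                .anyMatch(role -> role.name().equals("Doctor"));
        if (!isDoctor) {
            throw new SecurityException("requires role Doctor");
        }
        r.notes().append(note);
    }

    // Object-sensitive check: the required role is derived from the record
    // being updated, i.e. Doctor parameterized by r.patientId().
    static void updateObjectSensitive(User u, PatientRecord r, String note) {
        Role required = new Role("Doctor", r.patientId());
        if (!u.roles().contains(required)) {
            throw new SecurityException("requires role " + required);
        }
        r.notes().append(note);
    }

    public static void main(String[] args) {
        // Constructed sample data: alice treats patient p-17 only.
        User alice = new User("alice", Set.of(new Role("Doctor", "p-17")));
        PatientRecord own = new PatientRecord("p-17", new StringBuilder());
        PatientRecord other = new PatientRecord("p-42", new StringBuilder());

        updateCoarse(alice, other, "edited by alice; ");
        System.out.println("coarse check allowed update of " + other.patientId());

        updateObjectSensitive(alice, own, "follow-up scheduled; ");
        System.out.println("object-sensitive check allowed update of " + own.patientId());

        try {
            updateObjectSensitive(alice, other, "should not be written; ");
        } catch (SecurityException e) {
            System.out.println("object-sensitive check denied: " + e.getMessage());
        }
    }
}
```

Because the parameterized check is still dynamic, a call site that omits it fails silently open, which is the fragility the abstract attributes to frameworks that rely solely on runtime checks.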
