Contents for list of publications:
- Y. Deng, J. Wang, K. Beznosov and J.P. Tsai, "An approach for modeling and analysis of security system architectures", IEEE Transactions on Knowledge and Data Engineering, vol. 15, no. 2, 2003.
- Konstantin Beznosov, Yi Deng, Bob Blakley, Carol Burt and John Barkley, "A Resource Access Decision Service for CORBA-based Distributed Systems", Proceedings of the Annual Computer Security Applications Conference, Phoenix, Arizona, U.S.A.,December 6-10, 1999.
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access
control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those polices and factors are. It
also enables elaborate and consistent access control policies across heterogeneous systems. We present design of a service for re-source access authorization in
distributed systems. The service enables to decouple authorization logic from application functionality. Although the described service is based on CORBA
technology, the design approach can be successfully used in any distributed computing environment.
File available in Adobe Acrobat PDF, and Postscript formats.
- H. Yu, X. He, S. Gao, and Y. Deng: "Formal Software Architecture Design of Secure Distributed Systems", Proc. of SEKE 2003, California, 2003, 450-457.
- H. Yu, X. He, S. Gao, and Y. Deng: "A formal approach to designing secure software architectures", Proc. of the 9th High Assurance Computer Systems (HASE2004), 2004 (in press).
- Luis Espinal, Konstantin Beznosov and Yi Deng,"Design and Implementation of Resource Access Decision Server.", Technical Report 2000-01.
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. However, this is difficult, if not impossible to implement by exclusively using general-purpose infrastructures such as CORBA Security Service. In response to this limitation of CORBA Security service the Object Management Group (OMG) has adopted a Resource Access Decision (RAD) Facility, an authorization service for distributed systems, as a pre-final standard. By using RAD facility, developers can implement systems with authorization logic decoupled from application-specific logic and decentralized evaluation and administration of the access policies.
This report documents the design and implementation of a Resource Access Decision (RAD) facility. The report covers the different components that comprise a RAD system, their designs, functions and interdependencies. The RAD prototype allows studying the validity of the framework and conduction of experiments in the research of distributed access control. Since the design of the prototype is heavily influenced by design patterns, the prototype can easily be maintained and augmented with more complex access control mechanisms.
File available in zipped PS or zipped PDF formats. Technical Report 2000-01 bibtex entry.
- Konstantin Beznosov and Luis Espinal, "Resource Access Decision Server: Design and Performance Considerations", Slides of the presentation on the design and the conducted performance measurements of RAD server prototype given at CADSE, Miami, Florida, October 22, 1999.
- Konstantin Beznosov, "Resource Access Decision Facility: Overview", Slides of the presentation on Resource Access Decision facility given at DOCsec '99 workshop, July 15, 1999.
OMG's RAD Documentation & Specifications
OMG CORBA Specifications:
Overview of CORBA
- Konstantin Beznosov, Carol Burt, Bob Blakley and John Barkley, "Resource Access Decision (RAD): Revised Submission", Specification to the OMG Technical Committee document number corbamed/99-05-04, May 17, 1999.
- "Healthcare Resource Access Control Request For Proposal", Specification to the OMG document number corbamed/98-02-23, February 23, 1998.
Overview of Design Patterns
Overview of Access Control
[ RAD Home ]
[ RAD Overview ]
[ RAD Status ]
[ Download RAD ]
[ Install instructions ]
[ Troubleshooting RAD ]
[ RAD Members ]
[ RAD Sponsors ]
[ Back to CADSE ]
For problems or questions about this web, contact firstname.lastname@example.org