Abstract
This work aims to provide administrators with
services for managing permissions in a distributed object
system, by connecting business-level tasks to access
controls on low level functions. Specifically, the
techniques connect abilities (to complete externally-
invoked functions) to the access controls on individual
functions, across all servers. Our main results are the
problem formalization, plus algorithms to synthesize
“least privilege†permissions for a given set of desired
abilities. Desirable extensions and numerous research
issues are identified.
Note
3rd International Symposium on Distributed Objects & Applications
September 17-20, 2001 in Rome, Italy
Poster Paper