کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
454230 | 695131 | 2010 | 18 صفحه PDF | دانلود رایگان |

We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in COM+. We analyze the level of support for the American National Standard Institute's (ANSI) specification of role-based access control (RBAC) components and functional specification in COM+.Our results indicate that COM+ falls short of supporting even Core RBAC. The main limitations exist due to the tight integration of the COM+ architecture with the underlying operating system, which prevents support for session management and role activation, as specified in ANSI RBAC.
Journal: Computer Standards & Interfaces - Volume 32, Issue 4, June 2010, Pages 197–214