A Unified Security Framework for Networked Applications

Abstract

Various security models have been proposed for different types of applications and numerous types of execution environments. These models are typically reinforced by adding code to the application, which authenticates principals, authorises operations and establishes secure communication among distributed software components (e.g., clients and servers). This code is often application and context-specific, which makes it difficult to integrate an application with other each other. In this paper we propose a new unified access control mechanism that supports most of the existing security models and offers a number of additional controls that are not normally provided by security mechanisms. Moreover, the proposed mechanism integrates well with existing programming paradigms for distributed application, e.g., client/server technology and component based programming. This means that it can be seamlessly integrated with most existing distributed applications. We have implemented the proposed mechanism in a framework, that can be instantiated to implement different security models and policies. We present a qualitative evaluation that demonstrates the framework's ability to support a wide range of security policies and a preliminary performance evaluation of the framework.