Task-Based Authorizations

摘要

In this project we developed a new paradigm for access control and security models called task-based authorization controls (TBAC). This new authorization control paradigm is particularly suited for emerging models of computing, especially distributed computing and information processing activities with multiple points of access control and decision making. TBAC articulates security issues at the application and enterprise level. As such, it takes a task-oriented or transaction-oriented perspective rather than a perspective based upon traditional subject-object distinctions. In TBAC, access mediation involves authorizations at various points during the completion of tasks in accordance with the application logic associated with the overall governing process. In contrast, the subject-object view typically divorces access mediation from the larger context in which a subject performs an operation on an object. By taking a task-oriented view of access control and authorizations, TBAC lays the foundation for research into a new breed of 'active' security models. TBAC has broad applicability to access control, ranging from fine-grained activities such as client-server interactions in a distributed system, to coarser units of distributed applications and workflows that cross departmental and organizational boundaries.