Abstract
In this paper, we discuss access control for objects distributed over heterogeneous network management systems. In particular, we compare the access control mechanisms of SNMP version 2 against those proposed for CMIP. We employ the Typed Access Matrix model as a framework to study the two approaches in detail. Apart from the differences due to their management model, both schemes use an identity-based ACL scheme on object groups defined as collections of subtrees. We present an access control scheme integrating both systems.
This work was supported in part by the European Communities under RACE II project no. R2058, Security and Management Services in Open Networks (SAMSON).
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Karjoth, G. (1995). Integrated access control management. In: Clarke, A., Campolargo, M., Karatzas, N. (eds) Bringing Telecommunication Services to the People — IS&N '95. IS&N 1995. Lecture Notes in Computer Science, vol 998. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0016957
DOI: https://doi.org/10.1007/BFb0016957
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60479-2
Online ISBN: 978-3-540-47618-4
eBook Packages: Springer Book Archive