Skip to Main content Skip to Navigation

La protection dans les systèmes à objets répartis

Vincent Nicomette 1
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : Protection in distributed systems is a complex problem: which entities of a distributed system can be trusted, and according to this trust, how can the whole system be protected? The approach adopted in this thesis consists in distinguishing two levels of protection : a global protection by means of a centralized authorization server and a local protection on each site of the system by means of a security kernel. The authorization server has the responsibility of managing all access rights to persistant entites of the system while each security kernel controls all accesses to local objects (either transient or persistent) and is furthermore responsible for managing access rights for local transient objects. An authorization scheme for distributed object systems is presented ("object" here refers to the object-oriented programming notion). This scheme allows the least privilege principle to be strictly respected, defines new access rights called symbolic rights and a new scheme of privilege delegation. This authorization scheme is described in the context of a discretionnary security policy and in the context of a multilevel security policy. A multilevel security model adapted to the object oriented programming paradigm is developped and presented in this thesis. An example of an implementation of this authorization scheme is finally detailed.
Complete list of metadata
Contributor : Emilie Marchand <>
Submitted on : Thursday, September 27, 2007 - 1:47:17 PM
Last modification on : Thursday, June 10, 2021 - 3:05:49 AM
Long-term archiving on: : Monday, June 27, 2011 - 4:57:14 PM


  • HAL Id : tel-00175252, version 1


Vincent Nicomette. La protection dans les systèmes à objets répartis. Réseaux et télécommunications [cs.NI]. Institut National Polytechnique de Toulouse - INPT, 1996. Français. ⟨tel-00175252⟩



Record views


Files downloads