Next: Future work Up: Bringing Role-Based Access Control Previous: SESAME

Concluding remarks

 

Computer security is a highly faceted topic. In the first chapters of this thesis we have provided an introduction and overview of the area that we believe provides a good background for later chapters in the thesis, as well as for someone wanting to pursue their own studies in the area.

In the thesis the emphasis has been on security in distributed systems. Within this area we have presented a number of contributions of our own. Our contributions cover different sub-topics of the main area and by doing so also help to emphasize the diversity and size of the field of distributed systems security.

In the design for an object-oriented framework for secure distributed systems, we utilize the transparency provided by the underlying object distribution mechanisms to provide centralized monitoring and control over an otherwise distributed system. Such monitoring and control is often desirable but is not provided for in other distributed security frameworks. By using an object-oriented approach, the interaction between applications and the security framework becomes well-defined. This is very important as it allows existing applications to be encapsulated in objects that can interact with the new security infrastructure.

In the role representation framework we have presented, we lay out some foundations for how we can think about and represent organizational roles. These also serve as basic building blocks upon which to place the important concept of role-based access control. RBAC has many advantages, administrative and other, and we believe it has an important place in any security framework.

Development always brings with it conflicts between the new and the old. What are usually referred to as legacy systems can, by their mere existence and the investment they represent, often slow down or hinder the introduction of new technologies. In the case of distributed security, one problem is that it can be difficult to fit existing applications into new security frameworks. Our object-oriented framework offers one solution to this problem. We also present another solution, on a different level, where we make an NFS server RBAC-aware. In this approach we place existing applications under role-based access control by modifying the underlying file system in which they operate. For the sake of demonstration, we have presented this as a "stand-alone" solution. However, in a real application our solution should be integrated into some more comprehensive framework.








matgu@ida.liu.se