Contributions

In this work, we elaborate on the simple model in figure 1.1. In bringing role-based access control to distributed systems it is important to provide both theoretical foundations as well as examples of practical applications. This thesis contains several contributions in this direction:

• We present an object-oriented distributed secure system architecture. By using the architecture, existing applications can be integrated into a security framework without major changes. The framework also proposes a way for introducing centralized security monitoring into an otherwise distributed system.

• We propose a framework for modelling organizations using roles and inter-role relations and describe its application to role-based access control.

• We present a design for how role-based access control can be introduced in legacy systems using a modified NFS server. We also present demonstration of feasibility.

• We have performed a survey of existing protocols, systems and architectures designed with security in mind.

To the best of our knowledge, the ideas of introducing centralized monitoring and using an NFS server for role-based access control are novel and have not been presented before.