2nd Workshop 
on
Distributed Object Security



The first workshop on Distributed Object security was held in collaboration with the 12th European Conference on Object-Oriented Programming (ECOOP'98) in Brussels Belgium, 1998.
In association with
the Conference on  Object-Oriented 
Programming, 
Applications 
and Systems 
OOPSLA'99

Denver Colorado, 
2 November 1999
 
 
 
 
 
 

 

Call for Papers

The purpose of the 2nd Distributed Object Security Workshop is to provide a forum for discussion of security problems relating to distributed object-oriented systems. As object-oriented applications are becoming omnipresent, the need for security has become a pressing issue. The object-oriented paradigm offers basic abstractions such as interfaces and data abstractions which have been used for security.  Object-oriented programming languages that include mechanisms such as strong-typing and automatic memory management can be used as the foundations of new software-based security architectures. But, for all of these advantages, object systems must deal with issues such as the granularity of protection and dynamic binding which blurs the line between trusted and untrusted components.

Distribution accentuates the existing problems. In object-based systems such as CORBA and DCOM, objects are used to define and structure communication protocols. In these systems issues such as authenticity, integrity and privacy of messages must be addressed. In truly distributed object-oriented systems, objects may be moved along with their behavior. This brings in new security challenges as trusted and untrusted code may be integrated in the same address space and allowed to interact in intricate ways.

Reusability is one of the traditional virtues of object-orientation. However, security problems may arise when objects are reused in an execution context that is different from the context of the original implementation, e.g., the authentication and authorization required by an object modeling a bank account is very different, depending on whether its methods are being invoked from within the banks database or by a home-banking client on the Internet.

Component-based programming and Java Beans allow large parts of applications to be assembled out of an existing collection of components or beans. However, components and beans have the same potential security problems as reusing ordinary objects. The problems arise because components and beans cannot deal with the non-functional requirements, such as security, of the application.

New programming paradigms, such as reflection and aspect-oriented programming, have been proposed to deal with non-functional requirements. Although these paradigms look promising, they also introduce new questions such as: How can we use these paradigms to program secure applications? and how can we build secure systems that support these paradigms?

Topics of interest include but are not restricted to:

Submissions of papers

Participation to the workshop is by invitation only.  All prospective participants are expected to submit a position paper presenting their work (the position paper should not exceed 6 pages) along with a "hot topic" that they wish to discuss at the workshop.  Submissions should be sent by electronic mail (standard PostScript or PDF) to

dosws@cs.tcd.ie  by  September 17.

All papers will be refereed.  We encourage not only submissions presenting original research results, but also papers that attempt to establish links between different approaches to security and/or papers that include survey material. Original research results should be clearly described, and their usefulness to practitioners outlined.
 
 

Important Dates

  • September 3  Submission of papers. 
  • September 29 Notification of authors. 
  • November 2 DOS Workshop.

Organizing Committee