DOI: 10.1145/1102486.1102503

Access control management in a distributed environment supporting dynamic collaboration

Published: 11 November 2005

ABSTRACT

Ensuring secure and authorized access to remote services and information resources in a dynamic collaborative environment is a challenging task. Two major issues that need to be addressed in this regard are specification of access control requirements and trust management. Specification of access control requirements for dynamic collaboration is challenging mainly because of limited or missing knowledge about remote users' identities and affiliations. The access control policies and constraints defining users' authorization over remote resources and services need to be specified in terms of the attributes and properties of the users. Moreover, the criteria for validating the attributes of the users should also be specified as part of the access control requirements. Trust management, in the context of dynamic collaboration, involves validation of users' attributes for secure interaction and prevention of unauthorized disclosure of policies and attributes. The paper discusses these issues in detail and presents a framework for access control and trust management in a distributed collaborative environment.

Published in

DIM '05: Proceedings of the 2005 workshop on Digital identity management
November 2005
120 pages
ISBN: 1595932321
DOI: 10.1145/1102486

Copyright © 2005 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Overall acceptance rate: 16 of 34 submissions, 47%
