Using semantics for automatic enforcement of access control policies among dynamic coalitions

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Using semantics for automatic enforcement of access control policies among dynamic coalitions

Full text

Pdf (295 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the 12th ACM symposium on Access control models and technologies table of contents

Sophia Antipolis, France

SESSION: Novel access control techniques table of contents

Pages: 235 - 244

Year of Publication: 2007

ISBN:978-1-59593-745-2

Authors

Janice Warner	Rutgers University
Vijayalakshmi Atluri	Rutgers University
Ravi Mukkamala	Old Dominion University
Jaideep Vaidya	Rutgers University

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 4, Downloads (12 Months): 75, Citation Count: 3

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1266840.1266877 What is a DOI?

ABSTRACT

In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Owl web ontology language guide. available at http://www.w3.org/tr/owl-guide/.
	2	V. Atluri and J. Warner. Automatic enforcement of access control policies among dynamic coalitions. In International Conference on Distributed Computing and Internet Technology, December 2004.
	3	Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002 [doi>10.1145/581271.581276]
	4	V. Bharadwaj and J. Baras. A framework for automated negotiation of access control policies. Proceedings of DISCEX III, 2003.
	5	Eve Cohen , Roshan K. Thomas , William Winsborough , Deborah Shands, Models for coalition-based access control (CBAC), Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507727]
	6	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001 [doi>10.1145/501978.501980]
	7	M. P. Gallagher, A. O'Connor, and B. Kropp. The economic impact of role-based access control. Planning report 02-1, National Institute of Standards and Technology, March 2002.
	8	R. Housley, W. Polk, W. Ford, and D. Solo. Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. RFC 3280, April 2002.
	9	H. Khurana, S. Gavrila, R. Bobba, R. Koleva, A. Sonalker, E. Dinu, V. Gligor, and J. Baras. Integrated security services for dynamic coalitions. Proc. of the DISCEX III, 2003.
	10	Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
	11	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
	12	R. Mukkamala, V. Atluri, and J. Warner. A distributed service registry for resource sharing among ad-hoc dynamic coalitions. In Lecture Notes in Computer Science. IFIP, December 2005.
	13	C. Philips, E. Charles, T. Ting, and S. Demurjian. Towards information assurance in dynamic coalitions. IEEE IAW, USMA, February 2002.
	14	Charles E. Phillips, Jr. , T.C. Ting , Steven A. Demurjian, Information sharing and security in dynamic coalitions, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507726]
	15	Mark Sanderson , Bruce Croft, Deriving concept hierarchies from text, Proceedings of the 22nd annual international ACM SIGIR conference on Research and development in information retrieval, p.206-213, August 15-19, 1999, Berkeley, California, United States [doi>10.1145/312624.312679]
	16	Andreas Schaad , Jonathan Moffett , Jeremy Jacob, The role-based access control system of a European bank: a case study and discussion, Proceedings of the sixth ACM symposium on Access control models and technologies, p.3-9, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.373257]
	17	Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, A logic-based framework for attribute based access control, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029133.1029140]
	18	J. Warner, V. Atluri, and R. Mukkamala. An attribute graph based approach to map local access control policies to credential based access control policies. In ICISS, pages 134--147, 2005.
	19	J. Warner, V. Atluri, and R. Mukkamala. A credential-based approach for facilitating automatic resource sharing among ad-hoc dynamic coalitions. In IFIP, August 2005.
	20	Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003 [doi>10.1145/605434.605435]

CITED BY 3

	Paul El Khoury , Emmanuel Coquery , Mohand-Said Hacid, Consistency checking of role assignments in inter-organizational collaboration, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California
	Janice Warner , Soon Ae Chun, Semantic and pragmatic annotation for government information discovery, sharing and collaboration, Proceedings of the 10th Annual International Conference on Digital Government Research: Social Networks: Making Connections between Citizens, Data and Government, May 17-20, 2009
	Ram Krishnan , Ravi Sandhu , Jianwei Niu , William H. Winsborough, Foundations for group-centric secure information sharing models, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy