Policy decomposition for collaborative access control

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Policy decomposition for collaborative access control

Full text

Pdf (379 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the 13th ACM symposium on Access control models and technologies table of contents

Estes Park, CO, USA

SESSION: Access control in distributed environments table of contents

Pages 103-112

Year of Publication: 2008

ISBN:978-1-60558-129-3

Authors

Dan Lin	Purdue University
Prathima Rao	Purdue University
Elisa Bertino	Purdue University
Ninghui Li	Purdue University
Jorge Lobo	IBM Watson Research Center

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 169, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1377836.1377853 What is a DOI?

ABSTRACT

With the advances in web service techniques, new collaborative applications have emerged like supply chain arrangements and coalition in government agencies. In such applications, the collaborating parties are responsible for managing and protecting resources entrusted to them. Access control decisions thus become a collaborative activity in which a global policy must be enforced by a set of collaborating parties without compromising the autonomy or confidentiality requirements of these parties. Unfortunately, none of the conventional access control systems meets these new requirements. To support collaborative access control, in this paper, we propose a novel policy-based access control model. Our main idea is based on the notion of policy decomposition and we propose an extension to the reference architecture for XACML. We present algorithms for decomposing a global policy and efficiently evaluating requests.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Parthenon XACML evaluation engine. http://www.parthenoncomputing.com/xacml toolkit.html.
	2	Sun's XACML open source implementation. http://sunxacml.sourceforge.net.
	3	Extensible access control markup language (XACML) version 2.0. OASIS Standard, 2005.
	4	A. Anderson. Evaluating XACML as a policy language. Technical report, OASIS, 2003.
	5	A Goal-based Approach to Policy Refinement, Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, p.229, June 07-09, 2004
	6	Eve Cohen , Roshan K. Thomas , William Winsborough , Deborah Shands, Models for coalition-based access control (CBAC), Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507727]
	7	W. Keith Edwards, Policies and roles in collaborative applications, Proceedings of the 1996 ACM conference on Computer supported cooperative work, p.11-20, November 16-20, 1996, Boston, Massachusetts, United States [doi>10.1145/240080.240175]
	8	Kathi Fisler , Shriram Krishnamurthi , Leo A. Meyerovich , Michael Carl Tschantz, Verification and change-impact analysis of access-control policies, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA [doi>10.1145/1062455.1062502]
	9	Keith Frikken , Mikhail Atallah , Jiangtao Li, Attribute-Based Access Control with Hidden Policies and Hidden Credentials, IEEE Transactions on Computers, v.55 n.10, p.1259-1270, October 2006 [doi>10.1109/TC.2006.158]
	10	Jing Jin , Gail-Joon Ahn, Role-based access management for ad-hoc collaborative sharing, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA [doi>10.1145/1133058.1133086]
	11	Ninghui Li , Wenliang Du , Dan Boneh, Oblivious signature-based envelope, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.182-189, July 13-16, 2003, Boston, Massachusetts [doi>10.1145/872035.872061]
	12	M. Lorch , D. B. Adams , D. Kafura , M. S. R. Koneni , A. Rathi , S. Shah, The PRIMA System for Privilege Management, Authorization and Enforcement in Grid Environments, Proceedings of the 4th International Workshop on Grid Computing, p.109, November 17-17, 2003
	13	Markus Lorch , Seth Proctor , Rebekah Lepro , Dennis Kafura , Sumit Shah, First experiences using XACML for access control in distributed systems, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia [doi>10.1145/968559.968563]
	14	L. Pearlman , V. Welch , I. Foster , C. Kesselman , S. Tuecke, A Community Authorization Service for Group Collaboration, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.50, June 05-07, 2002
	15	Linying Su , David W. Chadwick , Andrew Basden , James A. Cunningham, Automated Decomposition of Access Control Policies, Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, p.3-13, June 06-08, 2005 [doi>10.1109/POLICY.2005.10]
	16	Mary R. Thompson , Abdelilah Essiari , Srilekha Mudumbai, Certificate-based authorization policy in a PKI environment, ACM Transactions on Information and System Security (TISSEC), v.6 n.4, p.566-588, November 2003 [doi>10.1145/950191.950196]