Consistency checking of role assignments in inter-organizational collaboration

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Consistency checking of role assignments in inter-organizational collaboration

Full text

Pdf (512 KB)

Source

Geographic Information Systems archive
Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS table of contents

Irvine, California

SESSION: Policies table of contents

Pages 82-88

Year of Publication: 2008

ISBN:978-1-60558-324-2

Authors

Paul El Khoury	University Claude Bernard Lyon, LIRIS CNRS, Mougins - France
Emmanuel Coquery	University Claude Bernard Lyon, LIRIS CNRS, Villeurbanne Cedex - France
Mohand-Said Hacid	University Claude Bernard Lyon, LIRIS CNRS, Villeurbanne Cedex - France

Sponsors

SIGSPATIAL : ACM Special Interest Group on Spatial Information
CERIAS : The Center for Education and Research in Information Assurance and Security
OCR : IBM Open Collaboartive Research Initiative

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 14, Downloads (12 Months): 79, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1503402.1503417 What is a DOI?

ABSTRACT

The establishment of globalization is driving inter- organizational collaboration towards a necessity. We cannot expect total conformity between organizations nor homogeneous security settings. Nevertheless, each organization, with its own security policies, needs to exchange data. Employees involved in inter-organizational tasks shall require remote access to data hosted by other organizations. Administrating access control policies for those employees creates problems for security officers, particularly for role assignments. Flexibility in extending (or restricting) permissions for roles imported from other organizations is required. In this work, we present an approach based on Description Logic formalisms to create from the inter-organizational agreement a set of bridge rules that in addition to (i) the permissions assigned to a given role from one organization and (ii) the permissions assigned to another role in the other organization, allows security officers to check consistency of the resulting combination of roles from both organizations.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Franz Baader , Diego Calvanese , Deborah L. McGuinness , Daniele Nardi , Peter F. Patel-Schneider, The description logic handbook: theory, implementation, and applications, Cambridge University Press, New York, NY, 2003
	2	Lujo Bauer , Scott Garriss , Michael K. Reiter, Detecting and resolving policy misconfigurations in access-control systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA [doi>10.1145/1377836.1377866]
	3	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001 [doi>10.1145/383891.383894]
	4	Rafae Bhatti , Arif Ghafoor , Elisa Bertino , James B. D. Joshi, X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.2, p.187-227, May 2005 [doi>10.1145/1065545.1065547]
	5	A. Borgida and L. Serafini. Distributed description logics: Assimilating information from peer sources. Journal of Data Semantics, (1):153--184, 2003.
	6	Martin Buchheit , Manfred A. Jeusfeld , Werner Nutt , Martin Staudt, Subsumption between queries to object-oriented databases, Proceedings of the 4th international conference on extending database technology: Advances in database technology, p.15-22, May 1994, Cambridge, United Kingdom
	7	Liang Chen , Jason Crampton, Inter-domain role mapping and least privilege, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France [doi>10.1145/1266840.1266866]
	8	Francesco M. Donini , Maurizio Lenzerini , Daniele Nardi , Andrea Schaerf, A Hybrid System with Datalog and Concept Languages, Proceedings of the 2nd Congress of the Italian Association for Artificial Intelligence on Trends in Artificial Intelligence, p.88-97, October 29-31, 1991
	9	Siqing Du , James B. D. Joshi, Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA [doi>10.1145/1133058.1133090]
	10	D. Ferraiolo and D. Kuhn. Role based access control. In Proceedings of the 15th National Computer Security Conference, 1992.
	11	T. Finin , A. Joshi , L. Kagal , J. Niu , R. Sandhu , W. Winsborough , B. Thuraisingham, ROWLBAC: representing role based access control in OWL, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA [doi>10.1145/1377836.1377849]
	12	Thom W. Frühwirth, Constraint Handling Rules, Selected Papers from Constraint Programming: Basics and Trends, p.90-107, May 16-20, 1994
	13	Hongxin Hu , GailJoon Ahn, Enabling verification and conformance testing for access control model, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA [doi>10.1145/1377836.1377867]
	14	Myong H. Kang , Joon S. Park , Judith N. Froscher, Access control mechanisms for inter-organizational workflow, Proceedings of the sixth ACM symposium on Access control models and technologies, p.66-74, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.373266]
	15	Li Ma , Shilong Ma , Yuefei Sui, A Dynamic Description Logic Approach to Extended RBAC Model, Proceedings of the Future Generation Communication and Networking, p.284-288, December 06-08, 2007 [doi>10.1109/FGCN.2007.8]
	16	Frédéric Cuppens , Alexandre Miège, Modelling Contexts in the Or-BAC Model, Proceedings of the 19th Annual Computer Security Applications Conference, p.416, December 08-12, 2003
	17	M. Satyanarayanan, Integrating security in a large distributed system, ACM Transactions on Computer Systems (TOCS), v.7 n.3, p.247-280, Aug. 1989 [doi>10.1145/65000.65002]
	18	Basit Shafiq , Arif Ghafoor, Access control management and security in multi-domain collaborative environments, Purdue University, West Lafayette, IN, 2006
	19	HongHai Shen , Prasun Dewan, Access control for collaborative environments, Proceedings of the 1992 ACM conference on Computer-supported cooperative work, p.51-58, November 01-04, 1992, Toronto, Ontario, Canada [doi>10.1145/143457.143461]
	20	S. R. Smriti Sinha, Mousum Handique. Networks, data mining and artificial intelligence trends and future directions. Proc. Of the National Workshop on Trends in Advanced Computing, Narosa Publishers:pp 193--201, 2006.
	21	Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo, The role mining problem: finding a minimal descriptive set of roles, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France [doi>10.1145/1266840.1266870]
	22	Janice Warner , Vijayalakshmi Atluri , Ravi Mukkamala , Jaideep Vaidya, Using semantics for automatic enforcement of access control policies among dynamic coalitions, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France [doi>10.1145/1266840.1266877]
	23	C. Zhao, N. Heilili, S. Liu, and Z. Lin. Representation and reasoning on rbac: A description logic approach. In In ICTAC, pages 381--393, 2005.