Towards Coequal Authorization for Dynamic Collaboration

Abstract

In dynamic collaboration, participants often need to share resources with each other under the same criteria. However, each participant controls resource access with its own authorization policies, and the discrepancies between these policies make such collaboration difficult. A practical and automatic way to generate the collaborative policies for coequal authorizations is therefore desirable. In this paper, we investigate this problem by proposing an authorization framework based on the widely adopted XACML policy language. Each practical XACML policy is converted into Boolean expressions and further refined into a set of atomic rules against the policy structure. From the rule set, the combination algorithms in the policies, and the collaboration preferences of the participants, the collaborative authorization policy is generated automatically. We analyze the consistency of the collaborative policies with the previous authorization policies. Experiments are performed to examine our approach and show that it can efficiently solve the problem of coequal authorizations.

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Shandong University, Jinan, Shandong, 250100, China
    Yuqing Sun & Chen Chen

Editor information

Editors and Affiliations

  1. Department of Life Science and Informatics, Maebashi Institute of Technology, 460-1 Kamisadori-Cho, Maebashi-City, 371.0816, Japan
    Ning Zhong
  2. Department of Computer Science, University of Essex, Wivenhoe Park, CO4 3SQ, Colchester, Essex, UK
    Vic Callaghan
  3. Faculty of Computer Science, University of New Brunswick, E3B 5A3, Fredericton, N.B., Canada
    Ali A. Ghorbani
  4. School of Information Science and Engineering, Lanzhou University, Feiyun Lou Building, Tianshui South Road 222, 730000, Lanzhou, Gansu, China
    Bin Hu

Rights and permissions

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, Y., Chen, C. (2011). Towards Coequal Authorization for Dynamic Collaboration. In: Zhong, N., Callaghan, V., Ghorbani, A.A., Hu, B. (eds) Active Media Technology. AMT 2011. Lecture Notes in Computer Science, vol 6890. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23620-4_26
