A Credential-Based Approach for Facilitating Automatic Resource Sharing Among Ad-Hoc Dynamic Coalitions

  • Janice Warner
  • Vijayalakshmi Atluri
  • Ravi Mukkamala
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3654)


Today, there is an increasing need for dynamic, efficient and secure sharing of resources among organizations. In a dynamic coalition environment, participants (including users and systems) of an organization may need to gain access quickly to resources of other organizations in an unplanned manner to accomplish the task at hand. Typically, when entities agree to share their information resources, the access control policies are agreed upon at the coalition level. These coalition level agreements are not at the level of fine-grained policies, in the sense that they do not specify which specific users can access which data object. In this paper, we propose a dynamic coalition-based access control (DCBAC) model that allows automatic access to resources of one coalition entity by users from another coalition entity. To make the model applicable to true ad-hoc dynamic coalitions, we employ a coalition service registry, where coalition entities publicize their coalition level access policies. Any coalition entity wishing to access a specific resource of another coalition entity can obtain a ticket by submitting its entity credentials which are subsequently evaluated by the coalition service registry. DCBAC employs a policy mapper layer that computes the exact credentials required by remote users that are comparable to those required by local users. We demonstrate how the coalition and resource level access policies can be specified in XML-based languages and evaluated.


Access Control Access Control Policy Access Request Security Assertion Markup Language Subject Profile 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Atluri, V., Warner, J.: Automatic enforcement of access control policies among dynamic coalitions. In: Ghosh, R.K., Mohanty, H. (eds.) ICDCIT 2004. LNCS, vol. 3347, pp. 369–378. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Bharadwaj, V., Baras, J.: A framework for automated negotiation of access control policies. In: Proceedings of DISCEX III (2003)Google Scholar
  3. 3.
    Cohen, E., Winsborough, W., Thomas, R., Shands, D.: Models for coalition-based access control (cbac). In: SACMAT (2002)Google Scholar
  4. 4.
    Freudenthal, P., Pesin, K., Port, K.: drbac: Distributed role-based access control for dynamic coalition environments. In: ICDCS (July 2002)Google Scholar
  5. 5.
    Khurana, H., Gavrila, S., Bobba, R., Koleva, R., Sonalker, A., Dinu, E., Gligor, V., Baras, J.: Integrated security services for dynamic coalitions. In: Proc. of the DISCEX III (2003)Google Scholar
  6. 6.
    OASIS. extensible access control markup language (XACML), version 2. OASIS Standard (February 2005)Google Scholar
  7. 7.
    OASIS. Universal description discovery and integration (UDDI), version 3.0.2. OASIS Standard (February 2005)Google Scholar
  8. 8.
    OASIS. Assertions and protocols for the oasis security assertion markup language (saml), version 2. OASIS Standard (January 2005)Google Scholar
  9. 9.
    Philips, C., Charles, E., Ting, T., Demurjian, S.: Towards information assurance in dynamic coalitions. In: IEEE IAW, USMA (February 2002)Google Scholar
  10. 10.
    Philips, C., Ting, T.C., Demurjian, S.: Information sharing and security in dynamic coalitions. In: SACMAT (2002)Google Scholar
  11. 11.
    Silberschatz, A., Galvin, P., Gagne, G.: Operating System Concepts with Java, 6th edn. John Wiley and Sons, Chichester (2004)Google Scholar
  12. 12.
    Wedde, H.F., Lischka, M.: Cooperative role-based administration. In: SACMAT (2003)Google Scholar
  13. 13.
    Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security 6(1), 1–42 (2003)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Janice Warner
    • 1
  • Vijayalakshmi Atluri
    • 1
  • Ravi Mukkamala
    • 2
  1. 1.Rutgers UniversityNewarkUSA
  2. 2.Old Dominion UniversityNorfolkUSA

Personalised recommendations