Automatic Enforcement of Access Control Policies Among Dynamic Coalitions

  • Vijayalakshmi Atluri
  • Janice Warner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3347)

Abstract

The need to securely share information on an ad-hoc basis between collaborating entities is increasingly becoming important. We propose a coalition based access control model (CBAC), comprised of three layers: coalition, role and user-object layers. Our model enables translation of coalition level policies to implementation level access control in a manner similar to that of the layers of the TCP/IP protocol. We present a coalition policy translation protocol that allows the implementation level access control details to be piggybacked as the access control policy percolates to the coalition level, and similarly, as the coalition level policy trickles down to the implementation level. Under our approach, a user’s request to access an object belonging to another coalition entity is automatically translated by employing an approach that considers attributes associated with user credentials and objects. Our approach ensures that the individual access control policies of each coalition entity as well as the agreed-upon coalition policies for sharing are enforced.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [BB03]
    Bharadwaj, V., Baras, J.: A Framework for Automated Negotiation of Access Control Policies. In: Proceedings of DISCEX III (2003)Google Scholar
  2. [CWTS02]
    Cohen, E., Winsborough, W., Thomas, R., Shands, D.: Models for Coalition-based Access Control (CBAC) In: SACMAT (2002)Google Scholar
  3. [FERR01]
    Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. In: TISSEC (August 2001)Google Scholar
  4. [FPPKK02]
    Freudenthal, E., Pesin, T., Port, L., Keenen, E., Karamcheti, V.: dRBAC: Distributed Role-Based Access Control for Dynamic Coalition Environments. In: ICDCS (2002)Google Scholar
  5. [JSSS01]
    Jajodia, S., Samarati, P., Pierangela, S., Maria, L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM TODs (June 2001)Google Scholar
  6. [KGBK03]
    Khurana, H., Gavrila, S., Bobba, R., Koleva, R., Sonalker, A., Dinu, E., Gligor, V., Baras, J.: Integrated Security Services for Dynamic Coalitions. In: Proc. of the DISCEX III (2003)Google Scholar
  7. [KH02]
    Kuo, Humenn: Dynamically Authorized RBAC for Secure Distributed Computation. In: ACM Workshop for XML Security (November 2002)Google Scholar
  8. [OSM00]
    Osborn, S., Sandhu, R., Munawer, Q.: Configuring RBAC to Enforce Mandatory and DAC Policies. In: ACM TISSEC (May 2000)Google Scholar
  9. [PTD02a]
    Philips, C., Ting, T.C., Demurjian, S.: Information Sharing and Security in Dynamic Coalitions. In: SACMAT 2002Google Scholar
  10. [PTD02b]
    Philips, C., Charles, E., Ting, T., Demurjian, S.: Towards Information Assurance in Dynamic Coalitions. In: IEEE IAW, USMA (February 2002)Google Scholar
  11. [WL03]
    Philips, C., Ting, T.C., Demurjian, S.: Information Sharing and Security in Dynamic Coalitions. In: SACMAT 2002Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Vijayalakshmi Atluri
    • 1
  • Janice Warner
    • 1
  1. 1.MSIS Department and CIMICRutgers UniversityUSA

Personalised recommendations