An Access Control Scheme for Multi-agent Systems over Multi-Domain Environments

  • C. Martínez-García
  • G. Navarro-Arribas
  • J. Borrell
  • A. Martín-Campillo
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 55)


Multi-agent systems and mobile agents are enabling the deployment of applications in multi-domain environments. In these scenarios, different domains interact toward the same goal through resource sharing. As a result, there is the need to control the actions that an agent can perform in a foreign domain, with the only information of where it comes from and which roles does it hold in its own domain. However, this information will not be directly understandable as domains may not share the same role definitions.

MedIGS is a multi-agent middleware for the medical data sharing between hospitals which take part of a multi-domain environment. In this paper, a distributed access control for MedIGS is presented. Based on attribute conversion, this authorization scheme proposes a solution with a minimum impact in the local access control systems of the hospitals.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alo, R., Berrached, A., De Korvin, A., Beheshti, M.: Using fuzzy relation equations for adaptive access control in distributed systems. In: Advances In Infrastructure For e-Bussiness And Education On The Internet, pp. 176–184 (2000)Google Scholar
  2. 2.
    Alqatawna, J., Rissanen, E., Sadighi, B.: Overriding of access control in xacml. In: POLICY 2007: Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 87–95. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar
  3. 3.
    Ametller, J., Robles, S., Ortega-Ruiz, J.A.: An implementation of self-protected mobile agents. In: Eleventh IEEE International Conference and Workshop on the Engineering of Computer-Based Systems, Brno, Czech Republic, pp. 544–549. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  4. 4.
    Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
  5. 5.
    Foley, S.N.: Supporting imprecise delegation in keynote using similarity measures. In: Sixth Nordic Workshop on Secure IT Systems (2001)Google Scholar
  6. 6.
    Gong, L., Qian, X.: Computational issues in secure interoperation. Software Engineering 22(1), 43–52 (1996)CrossRefGoogle Scholar
  7. 7.
    Hosmer, H.H.: Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm. In: NSPW 1992-1993: Proceedings on the 1992-1993 workshop on New security paradigms, pp. 175–184. ACM, New York (1993)CrossRefGoogle Scholar
  8. 8.
    López, G., Cánovas-Reverte, O., Gómez-Skarmeta, A.F.: Use of xacml policies for a network access control service. In: 4th International Workshop for Appiled PKI, IWAP 2005 (September 2005)Google Scholar
  9. 9.
    López, G., Cánovas, Ó., Gómez-Skarmeta, A.F., Otenko, S., Chadwick, D.W.: A heterogeneous network access service based on PERMIS and SAML. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 55–72. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Navarro-Arribas, G., Foley, S.: Approximating SAML using similarity based imprecision. Intelligence in Communication Systems (January 2005)Google Scholar
  11. 11.
    Odlyzko, A.: Economics, psychology, and sociology of security. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 182–189. Springer, Heidelberg (2003)Google Scholar
  12. 12.
    Ovchinnikov, S.: Fuzzy sets and secure computer systems. In: NSPW 1994: Proceedings of the 1994 workshop on New security paradigms, pp. 54–62. IEEE Computer Soceity Press, Los Alamitos (1994)Google Scholar
  13. 13.
    Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A community authorization service for group collaboration. In: POLICY 2002: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Washington, DC, USA, p. 50. IEEE Computer Soceity, Los Alamitos (2002)Google Scholar
  14. 14.
    Samarati, P., di Vimercati, S.d.C.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Shafiq, B., Joshi, J.B.D., Bertino, E., Ghafoor, A.: Secure interoperation in a multidomain environment employing rbac policies. IEEE Transactions on Knowledge and Data Engineering 17(11), 1557–1577 (2005)CrossRefGoogle Scholar
  16. 16.
    Sun, Y., Pan, P., Leung, H., Shi, B.: Ontology based hybrid access control for automatic interoperation. In: Automatic and Trusted Computing. LNCS, pp. 323–332. Springer, Heidelberg (2007)Google Scholar
  17. 17.
    Vieira-Marques, P., Robles, S., Cucurull, J., Cruz-Correia, R., Navarro-Arribas, G., Martí, R.: Secure integration of distributed medical data using mobile agents. IEEE Intelligent Systems 21(6) (November-December 2006)Google Scholar
  18. 18.
    Zadeh, L.A.: Fuzzy sets. Information and Control 8(3), 338–353 (1965)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • C. Martínez-García
    • 1
  • G. Navarro-Arribas
    • 2
  • J. Borrell
    • 1
  • A. Martín-Campillo
    • 1
  1. 1.Dept. of Information and Communication EngineeringUniversitat Autònoma de Barcelona 
  2. 2.IIIA, Artificial Intelligence Research InstituteCSIC, Spanish National Research Council 

Personalised recommendations