Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us Track your research
Search
Cart
Book cover

IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2006: Data and Applications Security XX pp 252–266Cite as

  1. Home
  2. Data and Applications Security XX
  3. Conference paper
A Framework for Flexible Access Control in Digital Library Systems

A Framework for Flexible Access Control in Digital Library Systems

  • Indrajit Ray18 &
  • Sudip Chakraborty18 
  • Conference paper

  • 672 Accesses

  • 6 Citations

Part of the Lecture Notes in Computer Science book series (LNISA,volume 4127)

Abstract

Traditional access control models are often found to be inadequate for digital libraries. This is because the user population for digital libraries is very dynamic and not completely known in advance. In addition, the objects stored in a digital library are characterized by fine-grained behavioral interfaces and highly-contextualized access restrictions that require a user’s access privileges to be updated dynamically. These motivate us to propose a trust-based authorization model for digital libraries. Access privileges can be associated with both objects and content classes. Trust levels associated with these specify the minimum acceptable level of trust needed of a user to allow access to the objects. We use a vector trust model to calculate the system’s trust about a user. The model uses a number of different types of information about a user, for example, prior usage history, credentials, recommendations etc., to calculate the trust level in a dynamic manner and thus achieve a fine-grained access control.

Keywords

  • Access Control
  • Digital Library
  • Trust Relationship
  • Trust Level
  • Access Control Policy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This work was partially supported by the U.S. Air Force Research Laboratory (AFRL) and the Federal Aviation Administration (FAA) under contract F30602-03-1-0101 and by the National Science Foundation (NSF) of the USA under grant IIS-0242258. Any opinions, findings, and conclusions or recommendations expressed in this publication are solely those of the authors and do not necessarily represent those of the AFRL, the FAA, or the NSF.

Chapter PDF

Download to read the full chapter text

References

  1. Bertino, E., Ferrari, E., Perego, A.: Max: An access control system for digital libraries and the web. In: Proceedings of the 26th IEEE International Computer Software and Applications Conference, Oxford, UK (2002)

    Google Scholar 

  2. Gladney, H.M.: Access Control for Large Collections. ACM Transactions on Information Systems 15(2), 154–194 (1997)

    CrossRef  Google Scholar 

  3. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA (1996)

    Google Scholar 

  4. Blaze, M., Feigenbaum, J., Ioannidia, J.: The KeyNote Trust Management System Version 2. Internet Society, Network Working Group. RFC 2704 (1999)

    Google Scholar 

  5. Li, N., Mitchell, J.: Datalog with Constraints: A Foundation for Trust-management Languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)

    CrossRef  Google Scholar 

  6. Winslett, M., Ching, N., Jones, V., Slepchin, I.: Assuring security and privacy for digital library transactions on the Web: client and server security policies. In: Proceedings of the IEEE International Forum on Research and Technology Advances in Digital Libraries, Washington, DC, USA, pp. 140–151 (1997)

    Google Scholar 

  7. Skogsrud, H., Benatallah, B., Casati, F.: A Trust Negotiation System for Digital Library Web Services. Journal of Digital Libraries, Special Issue on Security 4(3) (2004)

    Google Scholar 

  8. Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.: Adaptive Trust Negotiation and Access Control. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (2005)

    Google Scholar 

  9. Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A Content-Based Authorization Model for Digital Libraries. IEEE Transactions on Knowledge and Data Engineering 14(2), 296–315 (2002)

    CrossRef  Google Scholar 

  10. Bonatti, P., Samarati, P.: Regulating Service Access and Information Release on the Web. In: Proceedings of the 7th ACM Conference on Computer and Communication Security, Athens, Greece, pp. 134–143. ACM Press, New York (2000)

    Google Scholar 

  11. Ray, I., Chakraborty, S.: A Vector Model of Trust for Developing Trustworthy Systems. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 260–275. Springer, Heidelberg (2004)

    CrossRef  Google Scholar 

  12. Ray, I., Chakraborty, S., Ray, I.: VTrust: A Trust Management System Based on a Vector Model of Trust. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2005. LNCS, vol. 3803, pp. 91–105. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Colorado State University, Fort Collins, CO, 80523, USA

    Indrajit Ray & Sudip Chakraborty

Authors
  1. Indrajit Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sudip Chakraborty
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Italy

    Ernesto Damiani

  2. The Logistics Institute, Northeastern University, Shenyang, China

    Peng Liu

Rights and permissions

Reprints and Permissions

Copyright information

© 2006 IFIP International Federation for Information Processing

About this paper

Cite this paper

Ray, I., Chakraborty, S. (2006). A Framework for Flexible Access Control in Digital Library Systems. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_18

Download citation

  • .RIS
  • .ENW
  • .BIB

  • DOI: https://doi.org/10.1007/11805588_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36796-3

  • Online ISBN: 978-3-540-36799-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Publish with us

Policies and ethics

search

Navigation

  • Find a journal
  • Publish with us
  • Track your research

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support
  • Cancel contracts here

167.114.118.210

Not affiliated

Springer Nature

© 2023 Springer Nature