ShareEnabler: Policy-Driven Access Management for Ad-Hoc Collaborative Sharing

  • Jing Jin
  • Gail-Joon Ahn
  • Mukesh Singhal
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4254)


The rise of the Internet has introduced dramatic changes in managing and sharing digital resources among widely dispersed groups. This paper presents a policy-driven access management approach for ad-hoc collaboration to enable secure information sharing in heterogeneous network environments. In particular, we attempt to incorporate the features of distributed role-based access control, delegation and dissemination control to meet the fundamental access control requirements associated with resource originators. These features are realized in a set of XACML-based Role-based Originator Authorization policies (ROA). We propose a security architecture, called ShareEnabler, to achieve effective authorization and enforcement mechanisms in the context of Peer-to-Peer (P2P) networking oriented file sharing. We briefly discuss our proof-of-concept prototype implementation based on an existing P2P file sharing toolkit developed by Lawrence Berkeley National Laboratory.


Keywords: Access Control; Access Control Model; Access Request; Role Assignment; Transport Layer Security
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jing Jin (1)
  • Gail-Joon Ahn (1)
  • Mukesh Singhal (2)
  1. Department of Software and Information Systems, University of North Carolina at Charlotte, Charlotte, USA
  2. Department of Computer Science, University of Kentucky, Lexington, USA
