Trust-orBAC: A Trust Access Control Model in Multi-Organization Environments
Access control in Multi-Organization Environment is a critical issue. Classical access control models like Role Based Access Control (RBAC) and Organization Based Access Control (orBAC) need some improvements to be used in such environment, where the collaboration is established between organizations and not directly with the clients. In particular, some characteristics of this scenario are that the users may be unknown in advance and/or the behaviors of the users and the organization may change during the collaboration. Hence, in this context the use of trust management with an access control model is recommended.
To achieve this goal in this paper a new model called Trust-orBAC that adds the notion of trust management to orBAC is presented. This approach consists in defining two dynamic trust vectors: one for the organizations and one for users which are based on different parameters such as knowledge, reputation and experience. Finally, we illustrate the use of Trust-orBAC with a case study.
KeywordsAccess Control Trust Model Security Policy Trust Management Trust Level
Unable to display preview. Download preview PDF.
- 1.Bertino, E., Ferrari, E., Squicciarini, A.: Trust negotiations: Concepts, systems, and languages. Computing in Science & Engineering 6, 27–34 (2004)Google Scholar
- 2.Chakraborty, S., Ray, I.: TrustBAC: integrating trust relationships into the RBAC model for access control in open systems. In: ACM Symposium on Access Control Models And Technologies, SACMAT 2006. ACM (2006)Google Scholar
- 5.Jiang, T., Baras, J.S.: Trust credential distribution in autonomic networks. In: Global Communications Conf., GLOBECOM 2008. IEEE (2008)Google Scholar
- 6.Cavalli, A., Toumi, K., El Maarabani, M.: Role based interoperability security policies in collaborative systems. In: Int. Symposium on Security in Collaboration Technologies and Systems. IEEE Press (2012)Google Scholar
- 8.Kamel, M., Laborde, R., Benzekri, A., Barrere, F.: A best practices-oriented approach for establishing trust chains within virtual organisations. In: Enterprise Distributed Object Computing Conf. Workshops, EDOCW 2008. IEEE (2008)Google Scholar
- 16.Resnick, P., Zeckhauser, R., Friedman, E., Kuwabara, K.: Reputation systems. Communications of the ACM 43(12) (2000)Google Scholar
- 17.Sacha, K.: Trust Management Languages and Complexity. In: Meersman, R., Dillon, T., Herrero, P., Kumar, A., Reichert, M., Qing, L., Ooi, B.-C., Damiani, E., Schmidt, D.C., White, J., Hauswirth, M., Hitzler, P., Mohania, M. (eds.) OTM 2011, Part II. LNCS, vol. 7045, pp. 588–604. Springer, Heidelberg (2011)CrossRefGoogle Scholar
- 18.Toumi, K., Andrés, C., Cavalli, A., El Maarabani, M.: A vector based model approach for defining trust in multi-organization environments. In: 7th Int. Conf. on Risks and Security of Internet and Systems, CRISIS 2012. IEEE Computer Society Press (in press, 2012)Google Scholar