Part of the book series: Atlantis Ambient and Pervasive Intelligence ((ATLANTISAPI,volume 2))

Abstract

The evolution of markets and the high volatility of business requirements put increasing emphasis on the ability of systems to accommodate the changes required by new organizational needs while keeping security objectives satisfiable. This is even more true in the case of collaboration and interoperability between different organizations, and thus between their information systems. Usual solutions do not anticipate interoperability security requirements, or do so in an unsatisfactory way. In this chapter, we propose contract and compatibility principles within the formal framework O2O [1] to achieve secure interoperation. Contracts are used to explicitly represent the rules that determine how interaction between organizations must be controlled to ensure secure access to resources. Compatibility relations make it possible to derive interoperability security policies. We specify all the mechanisms of interoperation between organizations that may manage their security policies using the access control models RBAC [2] and/or OrBAC [3].

Bibliography

  1. F. Cuppens, N. Cuppens-Boulahia, and C. Coma. O2O: Virtual Private Organizations to Manage Security Policy Interoperability. In Second International Conference on Information Systems Security (ICISS’06) (December, 2006).

  2. R. Sandhu, D. Ferraiolo, and R. Kuhn, Role-based access control, In American national standard for information technology: ANSI INCITS 359-2004 (February 3, 2004).

  3. O. et al., The OrBAC Model Web Site. 2006.

  4. A. Abou El Kalam, R. E. Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel, and G. Trouessin. Organization Based Access Control. In 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy’03) (June, 2003).

  5. S. Cantor, J. Hodges, J. Kemp, and P. Thompson, Liberty ID-FF Architecture Overview. (Thomas Wason edition, https://www.projectliberty.org/resources/specifications.php#box1, 2005).

  6. R. Oppliger, Microsoft .NET Passport: A security analysis, Computer. 36(7), 29–35, (2003). ISSN 0018-9162.

  7. A. Pashalidis and C. J. Mitchell. A Taxonomy of Single Sign-On Systems. In Lecture Notes in Computer Science, vol. 2727, pp. 249 – 264 (Junary, 2003).

  8. J. Li, N. Li, and W. H. Winsborough. Automated trust negotiation using cryptographic credentials. In 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 46–57, Alexandria, VA, USA (November 7-11, 2005).

  9. T. toolkit. Trustbuilder download: http://dais.cs.uiuc.edu/dais/security/trustb.php, (2003).

  10. E. Bertino, E. Ferrari, and A. C. Squicciarini, Trust-X: A Peer-to-Peer Framework for Trust Establishment, IEEE Trans. Knowl. Data Eng. 16(7), 827–842, (2004).

  11. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-Based Access Control Models, Computer. 29(2), 38–47, (1996). ISSN 0018-9162.

  12. E. Yuan and J. Tong. Attributed based access control (ABAC) for Web services. In IEEE International Conference on Web Services (ICWS’05) (July 11-15, 2005).

  13. E. Bertino, E. Ferrari, and A. Squicciarini. X-TNL: An XML-based Language for Trust Negotiations. In Fourth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’03) (June 04-06, 2003).

  14. D. L. Mcguinness and F. van Harmelen. Owl web ontology language overview. In http://www.w3.org/TR/2004/REC-owl-features-20040210/ (February, 2004).

  15. D. Connolly, F. van Harmelen, I. Horrocks, D. L. McGuinness, L. A. Stein, and L. Technologies. Daml+oil reference description. In http://www.w3.org/TRdaml+oil-reference (December, 2001).

  16. R. Masuoka, M. Chopra, Z. Song, Y. K. Labrou, L. Kagal, and T. Finin. Policy-based Access Control for Task Computing Using Rei. In Policy Management for the Web Workshop, WWW 2005, pp. 37–43 (May, 2005).

  17. A. Uszok, J. M. Bradshaw, M. Johnson, R. Jeffers, A. Tate, J. Dalton, and S. Aitken, Kaos policy management for semantic web services, IEEE Intelligent Systems. 19(4), (2004).

  18. C. Coma, N. Cuppens-Boulahia, F. Cuppens, and A. R. Cavalli. Context Ontology for Secure Interoperability. In 3rd International Conference on Availability, Reliability and Security (ARES’08) (March 4-7, 2008).

  19. F. Cuppens, N. Cuppens-Boulahia, and M. B. Ghorbel, High level conflict management strategies in advanced access control models, Electronic Notes in Theoretical Computer Science (ENTCS). 186, 3–26 (July, 2007).

  20. H.-H. Do and E. Rahm. COMA - A System for Flexible Combination of Schema Matching Approaches. In 28th Conference on Very Large Databases (VLDB’02) (August, 2002).

  21. A. Doan, J. Madhavan, R. Dhamankar, P. Domingos, and A. Halevy, Learning to match ontologies on the Semantic Web, The VLDB Journal. 12(4), 303–319, (2003). ISSN 1066-8888.

  22. J. Madhavan, P. A. Bernstein, and E. Rahm. Generic Schema Matching with Cupid. In 27th International Conference on Very Large Data Bases (VLDB’01), pp. 49–58 (September 11-14, 2001). ISBN 1-55860-804-4.

  23. globus.org. globus toolkit, http://www.globus.org/toolkit/, (2004).

  24. F. Cuppens, N. Cuppens-Boulahia, and C. Coma. Multi-granular licences to decentralize security administration. In SSS/WRAS 2007: First international Workshop on Reliability, Availability and Security (November 14-16, 2007).

  25. T. Bray, J. Paoli, and C. Sperberg-McQueen, Extensible Markup Language (XML), The World Wide Web Journal. 2(4), 29–66, (1997).

  26. F. Cuppens, N. Cuppens-Boulahia, and T. Sans. Protection of Relationships in XML Documents with the XML-BB Model. In Information Systems Security, First International Conference (ICISS’05), pp. 148–163 (December 19-21, 2005).

  27. M. J. N. David F. C. Brewer. The Chinese Wall security policy. In IEEE Symposium on Security and Privacy, (1989).

  28. L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. A community Authorization Service for Group Collaboration. In 3rd international workshop on Policies for Distributed Systems and Networks (POLICY’02), Monterey, California, U.S.A (June 5-7, 2002).

  29. R. Sandhu and X. Zhang. Peer-to-peer access control architecture using trusted computing technology. In Proceedings of the tenth ACM symposium on Access control models and technologies (SACMAT’05), pp. 147–158, (2005).

  30. H. Tran, M. Hitchens, V. Varadharajan, and P. Watters. A Trust based Access Control Framework for P2P File-Sharing Systems. In 38th Annual Hawaii International Conference on System Sciences (HICSS’05), Hawaii (January 03-06, 2005).

  31. F. Autrel, F. Cuppens, N. Cuppens-Boulahia, and C. Coma. MotOrBAC 2: a security policy tool. In Third Joint Conference on Security in Networks Architectures and Security of Information Systems (SARSSI’09), Loctudy, France (October 13-17, 2008).

Copyright information

© 2010 Atlantis Press/World Scientific

About this chapter

Cite this chapter

Coma, C., Cuppens-Boulahia, N., Cuppens, F. (2010). Secure interoperability with O2O contracts. In: Web-Based Information Technologies and Distributed Systems. Atlantis Ambient and Pervasive Intelligence, vol 2. Atlantis Press. https://doi.org/10.2991/978-94-91216-32-9_11
