Abstract
Design and manufacturing of a complex product requires collaboration among companies. The collaborating companies form a virtual enterprise, which is dynamically organized. In this paper, we propose a Layer-based Access Control (LBAC) system in a collaborative design and manufacturing environment. Our system protects not only data but also processes in a hierarchical distributed workflow environment. The goal is to shield the process from illegal access as well as to protect intellectual properties and trade secrets. Our proposed approach protects objects between organizations at different level of granularity, and supports access control (AC) in heterogeneous environments. In LBAC, we introduce a new concept – AC layer, which wraps the AC systems of a virtual organization. The security information exchanges between the AC systems inside and outside the AC layer through a well-defined interface of the AC layer. The AC layer seamlessly glues different AC systems in organizations together according to the inter-organization workflow. Inside an organization the role is used to manage accesses. The encapsulation and dynamic binding features of the layered based approach make LBAC suitable for the collaborative design and manufacturing environment.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Argus-Systems. Pitbull lx secure application environment, white paper (2001)
Atluri, V., Huang, W.: An authorization model for workflows. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 25–27. Springer, Heidelberg (1996)
Au, R., Looi, M., Ashley, P.: Automated cross-organisational trust establishment on extranets. In: Australian Computer Science Communications, Proceedings of the workshop on Information technology for virtual enterprises, vol. 23 (2001)
Baldwin, R., Chung, M.J.: Design methodology management: A formal approach. Computer 28(2), 54–63 (1995)
Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations and model. TR. M., 74–224 (1973)
Bullock, A., Benford, S.: An access control framework for multi-user collaborative environments. In: Proceedings of the international ACM SIGGROUP conference on Supporting group work, Phoenix, Arizona, United States, November 14-17, pp. 140–149 (1999)
Chung, M., Kwon, P., Pentland, B.: Making process visible: A grammartical approach to managing design processes. ASME Transaction. Journal of Mechanical Design 124, 364–374 (2002)
Coulouris, G., Dollimore, J., Roberts, M.: Role and task-based access control in the perdis groupware platform. In: 3rd ACM workshop on Role-based Access, Fairfax, VA, pp. 115–121 (1998)
Dewan, P., Shen, H.H.: Flexible meta access-control for collaborative applications. In: Proceedings of the 1998 ACM conference on Computer supported cooperative work, Seattle, Washington, United States, November 14-18, pp. 247–256 (1998)
Emmerich, W., Gruhn, V.: Funsoft nets: A petri-net based software process modeling language. In: Proc. of the 6th Int. Workshop on Software Specification and Design, Como, Italy, pp. 175–184. IEEE Computer Society Press, Los Alamitos (1991)
Erdmann, S., Wortmann, J.: Enterprise modelling with funsoft nets. In: Proceedings of the 1st International Enterprise Distributed Object Computing Workshop (EDOC 1997), Gold Coast, Australia, October 24-26 (1997)
Ferraiolo, D.F., Cugini, J., et al.: Role based access control: Features and motivations. In: Computer Security Applications Conference (1995)
Fielding, R.T., Whitehead, E.J., Anderson, K.M., Bolcer, A.G., Oreizy, P., Taylor, R.N.: Web-based development of complex information products. Communications of the ACM 41(8), 84–92 (1998)
Fox, M.S., Gruninger, M.: Enterprise modelling. AI Magazine, 109–121 (Fall 1998)
Hardwick, M., Spooner, D.L., Rando, T., Morris, K.C.: Sharing manufacturing information in virtual enterprises. Communications of the ACM 39(2), 46–54 (1996)
Hoffner, Y., Ludwig, H., Grefen, P., Aberer, K.: Crossflow: Integrating workflow management and electronic commerce
Huang, W., Atluri, V.: Secureflow: A secure web-enabled workflow management system. In: ACM Workshop on Role-based Access Control, pp. 83–94 (1999)
IDEF (1998), http://www.idef.com
Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2) (2001)
Kang, M.H., Park, J.S., et al.: Access control mechanisms for interorganizational workflow. In: Sixth ACM Symposium on Access Control Models and Technologies (2001)
Kudo, M., Hada, S.: Xml access control (2000), http://www.trl.ibm.com/projects/xml/xacl/xmlac-proposal.html
Kudo, M., Hada, S.: Xml document security based on provisional authorization. In: 7th ACM Conference on Computer and Communication Security (CCS 2000) (November 2000)
Linington, P., Milosevic, Z., Raymond, K.: Policies in communities: Extending the odp enterprise viewpoint. In: Proc. 2nd IEEE Enterprise Distributed Object Computing Workshop, San-Diego (1998)
Lupu, E., Milosevic, Z., et al.: Use of roles and policies for specifying, and managing a virtual enterprise. In: The 9th IEEE International Workshop on Research Issues on Data Engineering: Information Technology for Virtual Enterprises (RIDE-VE 1999), Sydney, Australia (1999)
Lupu, E., Sloman, M.: A policy based role object model. In: Proc. 1st IEEE Enterprise Distributed Object Computing Workshop, Gold Coast, Australia, pp. 36–47 (1997)
NIIIP. The niiip reference architecture (1996), http://www.niiip.org
Qin, Y.: Manufacturing Infrastructure and Design Automation System (MIDAS) with XML representation. PhD thesis, Computer Science and Engineering, Michigan State University, East Lansing (2002)
Rahwan, I., Kowalczyk, R., et al.: Virtual Enterprise Design - BDI Agents vs. Objects. In: Recent Advances in Artificial Intelligence in e-Commerce. R. a. L. Kowalczyk, M, Springer, Heidelberg (2000)
Rodrigues, M.A., Liu, Y., Bottaci, L., Rigas, D.I.: Learning and diagnosis in manufacturing processes through an executable bayesian network. In: 13th International Conference on Industrial and Engineering Applications of Artificial Intelligence and Expert Systems IEA/AIE-2000, New Orleans, June 19-22, pp. 390–395 (2000)
Roeckle, H., Schimpf, G., Weidinger, R.: Process-oriented approach for rolefinding to implement role-based security administration in a large industrial organization, pp. 103–110. ACM, New York (2000)
Sandhu, R.S., Samarati, P.: Access control: Principles and practice. IEEE Communications Magazine, 40–48 (September 1994)
Stevens, G., Wulf, V.: A new dimension in access control: studying maintenance engineering across organizational boundaries. In: Proceedings of the 2002 ACM conference on Computer supported cooperative work, New Orleans, Louisiana, USA, November 16-20 (2002)
Thomas, R.K., Sandhu, R.S.: Task-based authorization controls (tbac): A family of models for active and enterprise-oriented authorization management. In: The IFIO WG11.3 Workshop on Database Security, Lake Tahoe, California (1997)
Wainer, J., Barthelmess, P., Kumar, A.: W-rbac - a workflow security incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems 12(4), 455–485 (2003)
Zhou, Q., Besant, C.B.: Information management in production planning for a virtual enterprise. Int. J. Prod. Res. 37(1), 207–218 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, Y., Chung, M.J., Kim, H. (2004). Layer-Based Access Control Model in the Manufacturing Infrastructure and Design Automation System. In: Lim, JI., Lee, DH. (eds) Information Security and Cryptology - ICISC 2003. ICISC 2003. Lecture Notes in Computer Science, vol 2971. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24691-6_16
Download citation
DOI: https://doi.org/10.1007/978-3-540-24691-6_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21376-5
Online ISBN: 978-3-540-24691-6
eBook Packages: Springer Book Archive