
A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments

  • Conference paper

Abstract

We investigate a security framework for collaborative applications that relies on the role-based access control (RBAC) model. In our framework, roles are pre-defined and organized in a hierarchy (partial order). However, we assume that users are not previously identified; therefore, the actions that they can perform are dynamically determined based on their own attribute values and on the attribute values associated with the resources. Those values can vary over time (e.g., the user’s location or whether the resource is open for visiting), thus enabling or disabling a user’s ability to perform an action on a particular resource. In our framework, constraint values form partial orders and determine the association of actions with the resources and of users with roles. We have implemented our framework by exploring the capabilities of semantic web technologies, and in particular of OWL 1.1, to model both our framework and the domain of interest and to perform several types of reasoning. In addition, we have implemented a user interface whose purpose is twofold: (1) to offer a visual explanation of the underlying reasoning by displaying roles and their associations with users (e.g., as the user’s locations vary); and (2) to enable monitoring of users that are involved in a collaborative application. Our interface uses the Google Maps API and is particularly suited to collaborative applications where the users’ geospatial locations are of interest.

Work partially supported by NSF Awards ITR IIS-0326284, IIS-0513553, and IIS-0812258.




Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Cruz, I.F., Gjomemo, R., Lin, B., Orsini, M. (2009). A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments. In: Bertino, E., Joshi, J.B.D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03354-4_24


  • DOI: https://doi.org/10.1007/978-3-642-03354-4_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03353-7

  • Online ISBN: 978-3-642-03354-4

  • eBook Packages: Computer Science, Computer Science (R0)
