Abstract
Most of collaborative manufacturing systems are based on or involved in distributed information systems. Access control model, as an important infrastructure facility of information system, is frequently employed to control the resource sharing and cooperation in a collaborative manufacturing system. However, Configuring and running an access control model in a collaborative manufacturing system is a more complex problem. The reason is that there are more resources to be accessed and more complex security policies and rules from different partners to be obeyed in such a system than these in an individual information system. Un-intuitional semantic of security policies directly result in administrators’ confusion in judging the legitimacy of authorization actions. They don’t even know which authorization actions should be performed and what performing order should be executed by. So, it is necessary to configure an authority action sequence, including an authority action set and the performing order, to help the administrators to perform the given authorization task without violating these multisource security policies and rules. In this paper, how to configure the authority action sequence is defined as an authorization route problem at first. Then, the problem is modeled as a classical planning problem and a GraphPlan algorithm is revised to solve it. Based on the modeled problem and the revised algorithm, a prototype system named PolicyProber is developed to provide an authority action sequence for administrators in a visual way. Several cases are used to demonstrate the effectiveness of the presented model, method and algorithm. The research achievements and its application in industry can help administrators make correct decisions, which can strength the safety of a collaborative manufacturing system indirectly.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ahmed T., Tripathi A. R. (2010) Security policies in distributed CSCW and workflow systems. IEEE Transactions on Systems, Man, and Cybernetics Part A 40(6): 1220–1231
Ahmad, A., Maynard, S. B., & Park, S. (2012). Information security strategies: Towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, doi:10.1007/s10845-012-0683-0.
Blum, A., & Furst, M. (1995). Fast planning through planning graph analysis. In: Proceedings of the 14th international joint conference on artificial intelligence, Québec, Canada.
Blum A., Furst M. L. (1997) Fast planning through planning graph analysis. Artificial Intelligence 90(1–2): 281–300
Chen T. Y., Chen Y. M., Chu H. C. et al (2008) Distributed access control architecture and model for supporting collaboration and concurrency in dynamic virtual enterprises. International Journal of Computer Integrated Manufacturing 21(3): 301–324
Chen T. Y., Chen Y. M., Wang C. B. et al (2007) Secure resource sharing on cross-organization collaborationusing a novel trust method. Robotics and Computer-Integrated Manufacturing 23(4): 421–435
Cholvy, L., & Cuppens, F. (1997). Analyzing consistency of security policies. In: Proceedings of 1997 IEEE symposium on security and privacy, Oakland, USA.
Crampton, J., & Khambhammettu, H. (2009). A framework for enforcing constrained RBAC policies. In Proceedings of 2009 international conference on computational science and engineering. Vancouver, BC, Canada.
Dinesh N., Joshi A., Lee I. et al (2011) Permission to speak: A logic for access control and conformance. Journal of Logic and Algebraic Programming 80(1): 50–74
Frode H., Vladimir O. (2005) Conformance checking of RBAC policyand its implementation. Lecture Notes in Computer Science 34(39): 144–155
Gavirneni S., Kapuscinski R., Tayur S. (1999) Value of information in capacitated supply chains. Management Science 45(1): 16–24
Hu, J. W., Li, R. X., & Lu, Z. D. (2009). On role mappings for RBAC-based secure interoperation. In Proceeding of 2009 third international conference on network and system security, Wuhan, China.
Huang, F., Huang, Z. Q., & Liu, L. Y. (2009). A DL-based method for access control policy conflict detecting. In Proceedings of the 1st Asia-Pacific symposium on internetware, Beijing, China.
Huang G. Q., Qu T. (2008) Extending analytical target cascading for optimal configuration of supply chains with alternative autonomous suppliers. International Journal of Production Economics 115: 39–54
Huxham C. (1996) Creating collaborative advantage. Sage Publications, London
Jiang, Y., Liu, W. J., & Jin, T. G. (2008). A trust evaluation algorithm for secure information sharing in collaborative environment. In Proceeding of 2008 IEEE Pacific-Asia workshop on computational intelligence and industrial application.
Joshi J. B. D., Bhatti R., Bertino E. et al (2004) Access control language for multidomain environments. IEEE Internet Computing 8(6): 40–50
Li Q., Zhang X. W., Xu M. W. et al (2009) Towards secure dynamic collaborations with group-based RBAC model. Computers & Security 28(5): 260–275
Lu Y. H., Zhang L., Sun J. G. (2009) Task-activity based access control for process collaboration environments. Computers in Industry 60(6): 403–415
Nasirifard P., Peristeras V., Decker S. (2011) Annotation-based access control for collaborative information spaces. Computers in Human Behavior 27(4): 1352–1364
Osório L., Barata Manuel M. (2001) Reliable and secure communications infrastructure for virtual enterprises. Journal of Intelligent Manufacturing 12: 171–183
Qu T., Huang G. Q., Zhang Y. F. et al (2009) A generic analytical target cascading optimization system for decentralized supply chain configuration over supply chain grid.. International Journal of Production Economics 127: 262–277
Qu T., Bin S., Huang G. Q., Yang H. D. (2010) Two-stage product platform development for mass customization. International Journal of Production Research 49(8): 2197–2219
Qu, T., Yang, H. D., Huang, G. Q., Zhang, Y. F., Luo, H., & Qin, W. (2011). A case of implementing RFID-based real-time shop-floor material management for household electrical appliance manufacturers. Journal of Intelligent Manufacturing, doi:10.1007/s10845-010-0476-2.
Sandhu, R., & Bhamidipati, V. (2008). The ASCAA principles for next-generation role-based access control. In Proceedings of 3rd international conference on availability, reliability and security. Barcelona, Spain.
Sandhu R., Bhamidipati R., Munawer R. (1999) The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security 2(1): 105–135
Sandhu, R., Coyne, E. J. Feinstein, et al. (1996). Role-based access control models. IEEE Computer, 29(2), 38–47.
Sejong O. H. (2010) New role-based access control in ubiquitous e-business environment. Journal of Intelligent Manufacturing 21: 607–612
Shafiq B., Joshi J. B. D., Bertino E. et al (2005) Secure interoperation in a multi-domain environment employing RBAC policies. IEEE Transactions on Knowledge and Data Engineering 17(11): 1557–1577
Shin Y., Shin W. (2010) A telebiometric system mechanism model and biometric network protocol for the security of networked manufacturing. Journal of Intelligent Manufacturing 21: 595–605
Sun Y. Q., Gong B., Meng X. X. et al (2009) Specification and enforcement of flexible security policy for active cooperation. Information Sciences 179(15): 2629–2642
Yanghoon, K. I. M., & Hangbae, C. (2012). The industrial security management model for SMBs in smart work. Journal of Intelligent Manufacturing. doi:10.1007/s10845-012-0651-8.
Zhang, Y., & Joshi, J. B. D. (2010). Role based domain discovery in decentralized secure interoperations. In Proceeding of 2010 international symposium on collaborative technologies and systems. Chicago, USA.
Author information
Authors and Affiliations
Corresponding authors
Rights and permissions
About this article
Cite this article
Liu, Q., Zhang, X., Chen, X. et al. The resource access authorization route problem in a collaborative manufacturing system. J Intell Manuf 25, 413–425 (2014). https://doi.org/10.1007/s10845-012-0690-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10845-012-0690-1