ABSTRACT
Globalization is making inter-organizational collaboration a necessity. We cannot expect total conformity between organizations, nor homogeneous security settings. Nevertheless, each organization, with its own security policies, needs to exchange data. Employees involved in inter-organizational tasks require remote access to data hosted by other organizations. Administering access control policies for those employees creates problems for security officers, particularly for role assignments. Flexibility in extending (or restricting) permissions for roles imported from other organizations is required. In this work, we present an approach based on Description Logic formalisms to create, from the inter-organizational agreement, a set of bridge rules that, in addition to (i) the permissions assigned to a given role from one organization and (ii) the permissions assigned to another role in the other organization, allows security officers to check the consistency of the resulting combination of roles from both organizations.
Index Terms
- Consistency checking of role assignments in inter-organizational collaboration