An authorization model for collaborative access control

Journal of Zhejiang University SCIENCE C

Abstract

Collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. Collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

Author information

Corresponding author

Correspondence to Chen-hua Ma.

Additional information

Project (Nos. 2008C13073 and 2009C03015-1) supported by the Large Science and Technology Special Social Development Program of Zhejiang Province, China

About this article

Cite this article

Ma, Ch., Lu, Gd. & Qiu, J. An authorization model for collaborative access control. J. Zhejiang Univ. - Sci. C 11, 699–717 (2010). https://doi.org/10.1631/jzus.C0910564

  • DOI: https://doi.org/10.1631/jzus.C0910564
