[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments

  • Conference paper
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2008)

Abstract

We investigate a security framework for collaborative applications that relies on the role-based access control (RBAC) model. In our framework, roles are pre-defined and organized in a hierarchy (partial order). However, we assume that users are not previously identified, therefore the actions that they can perform are dynamically determined based on their own attribute values and on the attribute values associated with the resources. Those values can vary over time (e.g., the user’s location or whether the resource is open for visiting) thus enabling or disabling a user’s ability to perform an action on a particular resource. In our framework, constraint values form partial orders and determine the association of actions with the resources and of users with roles. We have implemented our framework by exploring the capabilities of semantic web technologies, and in particular of OWL 1.1, to model both our framework and the domain of interest and to perform several types of reasoning. In addition, we have implemented a user interface whose purpose is twofold: (1) to offer a visual explanation of the underlying reasoning by displaying roles and their associations with users (e.g., as the user’s locations vary); and (2) to enable monitoring of users that are involved in a collaborative application. Our interface uses the Google Maps API and is particularly suited to collaborative applications where the users’ geospatial locations are of interest.

Work partially supported by NSF Awards ITR IIS-0326284, IIS-0513553, and IIS-0812258.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 71.50
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 89.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Al-Kahtani, M.A., Sandhu, R.: A Model for Attribute-Based User- Role Assignment. In: Annual Computer Security Applications Conference (ACSAC), pp. 353–364. IEEE Computer Society, Los Alamitos (2002)

    Google Scholar 

  2. Al-Kahtani, M.A., Sandhu, R.: Induced role hierarchies with attributebased RBAC. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 142–148 (2003)

    Google Scholar 

  3. Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: A Spatially Aware RBAC. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 29–37 (2005)

    Google Scholar 

  4. Cirio, L., Cruz, I.F., Tamassia, R.: A Role and Attribute Based Access Control System Using Semantic Web Technologies. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM-WS 2007, Part II. LNCS, vol. 4806, pp. 1256–1266. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  5. Clark & Parsia, LLC. Pellet, http://pellet.owldl.com

  6. Cruz, I.F., Tamassia, R., Yao, D.: Privacy-Preserving Schema Matching Using Mutual Information. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 93–94. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Damiani, M.L., Bertino, E.: Access Control and Privacy in Location- Aware Services for Mobile Organizations. In: International Conference on Mobile Data Management (MDM), pp. 11–20 (2006)

    Google Scholar 

  8. Damiani, M.L., Bertino, E., Catania, B., Perlasca, P.: GEO-RBAC: A Spatially Aware RBAC. ACM Transactions on Information and System Security (TISSEC) 10(1), 2 (2007)

    Article  Google Scholar 

  9. Darnel, M.R.: Theory of Lattice-Ordered Groups, p. 10016. CRC Press, New York (1995)

    Google Scholar 

  10. Finin, T.W., Joshi, A., Kagal, L., Niu, J., Sandhu, R.S., Winsborough, W.H., Thuraisingham, B.M.: ROWLBAC: Representing Role Based Access Control in OWL. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 73–82 (2008)

    Google Scholar 

  11. Horrocks, I., Patel-Schneider, P.F., Motik, B.: OWL 1.1 Web Ontology Language Structural Specification and Functional-Style Syntax (2007)

    Google Scholar 

  12. Joshi, J., Bertino, E., Latif, U., Ghafoor, A.: A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005)

    Article  Google Scholar 

  13. Kulkarni, D., Tripathi, A.: Context-aware Role-based Access Control in Pervasive Computing Systems. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 113–122 (2008)

    Google Scholar 

  14. Osborn, S.L., Sandhu, R.S., Munawer, Q.: Configuring Role-based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Transactions on Information and System Security (TISSEC) 3(2), 85–106 (2000)

    Article  Google Scholar 

  15. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  16. Scannapieco, M., Figotin, I., Bertino, E., Elmagarmid, A.K.: Privacy Preserving Schema and Data Matching. In: ACM SIGMOD International Conference on Management of Data, pp. 653–664 (2007)

    Google Scholar 

  17. Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: Proteus: A Semantic Context-Aware Adaptive Policy Model. In: IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 129–140 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Cruz, I.F., Gjomemo, R., Lin, B., Orsini, M. (2009). A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments. In: Bertino, E., Joshi, J.B.D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03354-4_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03354-4_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03353-7

  • Online ISBN: 978-3-642-03354-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics