Abstract
Partners in VOs can share large amount of data. Sharing of individual data items is straightforward, but sharing components of complex data structures stored in heterogeneous systems is often a challenge. Sharing is typically governed by rules and policies that need to be translated into access right / privilege control and data granularity control. Simultaneous control of privileges and data granularity across different organizations is a difficult task, and most traditional approaches, such role-based access control can become prohibitively complex in such scenarios. We propose a scheme for concurrent control of subject privileges and object granularity. It includes participants, duties and operations, and generates security labels that describe security features. To facilitate interoperability between heterogeneous systems, the labels also carry information about the data model, including dynamic hierarchy description. The model supports subject activity control over objects with variable data access granularity. It encompasses the advantages of existing role based and label based control. First, an abstract subject privilege control model is built, and the mathematical relationships between privileges in the label system are defined. Second, an abstract object dynamic granularity model is produced and the mathematical relationship between granularity levels is established. At last, a pair-wise privacy label system is provided as an integrated information protection mechanism, where relationships between subject activities and privileges are described for actual access control. A formal verification of the proposed method has also been performed.
Chapter PDF
Similar content being viewed by others
References
Zhang, L., Brodsky, A., Swarup, V., Jajodia, S.: A Framework for Maximizing Utility of Sanitized Documents Based on Meta-labeling. In: IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 181–188 (2008)
Hitachi ID Systems, Inc.: Beyond Roles: A Practical Approach to Enterprise User Provisioning, http://www.idsynch.com/docs/beyond-roles.html (access in August 2009)
He, Q., Anton, A.I.: A Framework for Modelling Privacy Requirements in Role Engineering. Department of Computer Science, North Carolina State University, Raleigh, NC 27695-8207, USA
Li, X., Naeem, N.A., Kemme, B.: Fine-Granularity Access Control in 3-tier Laboratory Information Systems. In: The Proceedings of the 9th International Database Engineering & Application Symposium, IDEAS 2005 (2005)
Abdallah, A.E., Khayat, E.J.: A Formal Model for Parameterized Role-based Access Control. Research Institute for Computing, London South Bank University, U.K. (2005)
Acevedo, M.T., Fillingham, D., Nicolettos, J.L.: Enterprise Security Application of Partition Rule Based Access Control (PRBAC). In: Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises, pp. 285–292
Martino, L.D., Ni, Q., Lin, D., Bertino, E.: Multi-domain and Privacy-aware Role Based Access Control in eHealth. Computer Science. Purdue University, USA (2008)
Goldsmith, M.: FDR2 User’s Manual Version 2.82. Formal System (Europe) Ltd.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP
About this paper
Cite this paper
Zhong, J., Bertok, P., Tari, Z. (2010). Security, Privacy and Interoperability in Heterogeneous Systems. In: Camarinha-Matos, L.M., Boucher, X., Afsarmanesh, H. (eds) Collaborative Networks for a Sustainable World. PRO-VE 2010. IFIP Advances in Information and Communication Technology, vol 336. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15961-9_84
Download citation
DOI: https://doi.org/10.1007/978-3-642-15961-9_84
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15960-2
Online ISBN: 978-3-642-15961-9
eBook Packages: Computer ScienceComputer Science (R0)