DOI: 10.1145/2557547.2557566
research-article

On the suitability of dissemination-centric access control systems for group-centric sharing

Published: 03 March 2014

Abstract

The Group-centric Secure Information Sharing (g-SIS) family of models has been proposed for modeling environments in which group dynamics dictate information-sharing policies and practices. This is in contrast to traditional, dissemination-centric sharing models, which focus on attaching policies to resources that limit their flow from producer to consumer. The creators of g-SIS speculate that it may not be strictly more expressive than dissemination-centric models, but that it nevertheless has pragmatic efficiency advantages in group-centric scenarios [12]. In this paper, we formally and systematically test these characteristics of an access control system's suitability for a scenario - expressiveness and cost - to evaluate the capabilities of dissemination-centric systems within group-centric workloads. We show that several common dissemination-centric systems lack the expressiveness to meet all security guarantees while implementing the wide range of behavior that is characteristic of the g-SIS models, except via impractical, convoluted encodings. Further, even more efficient implementations (admissible under relaxed security requirements) suffer from high storage and computational overheads. These observations support the practical and theoretical significance of the g-SIS models, and provide insight into techniques for evaluating and comparing access control systems in terms of both expressiveness and cost.

References

[1] Paul Ammann, Richard J. Lipton, and Ravi S. Sandhu. The expressive power of multi-parent creation in monotonic access control models. JCS, 4(2/3), 1996.
[2] Kay S. Anderson, Joseph P. Bigus, Eric Bouillet, Parijat Dube, Nagui Halim, Zhen Liu, and Dimitrios E. Pendarakis. Sword: scalable and flexible workload generator for distributed data processing systems. In Winter Simulation Conference, 2006.
[3] Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A logical framework for reasoning about access control models. TISSEC, 6(1), 2003.
[4] Eric Bouillet, Parijat Dube, David George, Zhen Liu, Dimitrios E. Pendarakis, and Li Zhang. Distributed multi-layered workload synthesis for testing stream processing systems. In Winter Simulation Conference, 2008.
[5] Ajay Chander, Drew Dean, and John C. Mitchell. A state-transition model of trust management and access control. In CSFW, 2001.
[6] Gregory R. Ganger. Generating representative synthetic workloads: An unsolved problem. In International CMG Conference, 1995.
[7] Srinivas Ganta. Expressive Power of Access Control Models Based on Propagation of Rights. PhD thesis, George Mason University, 1996.
[8] William C. Garrison III, Yechen Qiao, and Adam J. Lee. On the suitability of dissemination-centric access control systems for group-centric sharing: Full proofs. http://www.cs.pitt.edu/~adamlee/pubs/2014/garrison2014proofs.pdf, 2013.
[9] Timothy L. Hinrichs, Diego Martinoia, William C. Garrison III, Adam J. Lee, Alessandro Panebianco, and Lenore Zuck. Application-sensitive access control evaluation using parameterized expressiveness. In CSF, 2013.
[10] Vincent C. Hu, David F. Ferraiolo, and D. Rick Kuhn. Assessment of Access Control Systems. NIST, 2006.
[11] Ram Krishnan, Jianwei Niu, Ravi S. Sandhu, and William H. Winsborough. Group-centric secure information-sharing models for isolated groups. TISSEC, 14(3), 2011.
[12] Ram Krishnan, Ravi Sandhu, Jianwei Niu, and William H. Winsborough. A conceptual framework for group-centric secure information sharing. In ASIACCS, 2009.
[13] Qamar Munawer and Ravi S. Sandhu. Simulation of the augmented typed access matrix model (atam) using roles. In INFOSECU99, 1999.
[14] Sylvia L. Osborn, Ravi S. Sandhu, and Qamar Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. TISSEC, 3(2), 2000.
[15] Playstation plus. http://us.playstation.com/psn/playstation-plus.
[16] Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1975.
[17] Ravi S. Sandhu. Expressive power of the schematic protection model. Journal of Computer Security, 1(1), 1992.
[18] Ravi S. Sandhu. Rationale for the RBAC96 family of access control models. In ACM Workshop on Role-Based Access Control, 1995.
[19] Ravi S. Sandhu and Srinivas Ganta. On testing for absence of rights in access control models. In CSFW, 1993.
[20] Ravi S. Sandhu and Qamar Munawer. How to do discretionary access control using roles. In ACM Workshop on Role-Based Access Control, 1998.
[21] Andrew Sciberras. Lightweight directory access protocol (LDAP): Schema for user applications. Technical Report RFC 4519, eB2Bcom, 2006. http://www.rfc-editor.org/rfc/rfc4519.txt.
[22] Mahesh V. Tripunitara and Ninghui Li. A theory for comparing the expressive power of access control models. JCS, 15(2), 2007.
[23] Dana Zhang, Kotagiri Ramamohanarao, Steven Versteeg, and Rui Zhang. RoleVAT: Visual assessment of practical need for role based access control. In ACSAC, 2009.

Published In

CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy
March 2014
368 pages
ISBN:9781450322782
DOI:10.1145/2557547
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 March 2014

Badges

  • Best Paper

Author Tags

  1. access control
  2. information sharing
  3. suitability analysis

Qualifiers

  • Research-article

Conference

CODASPY'14
Acceptance Rates

CODASPY '14 Paper Acceptance Rate 19 of 119 submissions, 16%;
Overall Acceptance Rate 149 of 789 submissions, 19%

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 4
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 16 Dec 2024

Cited By

  • (2022) Assessment Framework for the Identification and Evaluation of Main Features for Distributed Usage Control Solutions. ACM Transactions on Privacy and Security 26:1 (1-28). DOI: 10.1145/3561511. Online publication date: 11-Nov-2022
  • (2016) On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud. 2016 IEEE Symposium on Security and Privacy (SP) (819-838). DOI: 10.1109/SP.2016.54. Online publication date: May-2016
  • (2015) Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations. Proceedings of the 2015 IEEE 28th Computer Security Foundations Symposium (18-32). DOI: 10.1109/CSF.2015.9. Online publication date: 13-Jul-2015
  • (2014) An actor-based, application-aware access control evaluation framework. Proceedings of the 19th ACM symposium on Access control models and technologies (199-210). DOI: 10.1145/2613087.2613099. Online publication date: 25-Jun-2014
