A Trust-Based Context-Aware Access Control Model for Web-Services

Published: 01 July 2005

Abstract

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite recent advances in Web-based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for the Web services environment. Among them are the lack of context-aware models for access control and the reliance on identity- or capability-based access control schemes. Additionally, the unique service access control features required in Web services technology are not captured in existing schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based Role Based Access Control (X-RBAC) framework that incorporates trust and context into access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and provide a service access control specification. The paper presents an example service access policy composed using our framework, and also describes the implementation architecture for the system.

Published In

Distributed and Parallel Databases, Volume 18, Issue 1, July 2005, 99 pages

Publisher

Kluwer Academic Publishers, United States

Author Tags

  1. Role-Based Access Control
  2. Trust Management
  3. Web services
  4. XML

Qualifiers

  • Article
