research-article

Policy Negotiation for Co-owned Resources in Relationship-Based Access Control

Authors:

Pooya Mehregan,

Philip W.L. FongAuthors Info & Claims

SACMAT '16: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies

Pages 125 - 136

https://doi.org/10.1145/2914642.2914652

Published: 06 June 2016 Publication History

Abstract

The collaborative nature of content development has given rise to the novel problem of multiple ownership in access control, such that a shared resource is administrated simultaneously by co-owners who may have conflicting privacy preferences and/or sharing needs. Prior work has focused on the design of unsupervised conflict resolution mechanisms.

Driven by the need for human consent in organizational settings, this paper explores interactive policy negotiation, an approach complementary to that of prior work. Specifically, we propose an extension of Relationship-Based Access Control (ReBAC) to support multiple ownership, in which a policy negotiation protocol is in place for co-owners to come up with and give consent to an access control policy in a structured manner. During negotiation, the draft policy is assessed by formally defined availability criteria: to the second level of the polynomial hierarchy. We devised two algorithms for verifying policy satisfiability, both employing a modern SAT solver for solving subproblems. The performance is found to be adequate for mid-sized organizations.

References

[1]

Arora, S., and Barak, B. Computational Complexity: A Modern Approach. Cambridge University Press, 2009.

Digital Library

[2]

Besmer, A., and Richter Lipford, H. Moving beyond untagging: Photo privacy in a tagged world. In Proceedings of CHI '10 (Atlanta, Georgia, USA, 2010), pp. 1563--1572.

Digital Library

[3]

Bruns, G., Fong, P. W. L., Siahaan, I., and Huth, M. Relationship-based access control: Its expression and enforcement through hybrid logic. In Proceedings of CODASPY '12 (San Antonio, TX, USA, Feb. 2012).

Digital Library

[4]

Crampton, J. A reference monitor for workflow systems with constrained task execution. In Proceedings of SACMAT '05 (Stockholm, Sweden, 2005), pp. 38--47.

Digital Library

[5]

Crampton, J., Gutin, G., and Yeo, A. On the parameterized complexity and kernelization of the workflow satisfiability problem. ACM TISSEC 16, 1 (June 2013).

Digital Library

[6]

Erd\Hos, P., and Rényi, A. On random graphs i. Publication of the Mathematical Institute of the Hungarian Academy of Sciences 6 (1959), 290--297.

[7]

Fong, P. W. L. Preventing Sybil attacks by privilege attenuation: A design principle for social network systems. In Proceedings of IEEE S&P '11 (Oakland, CA, May 2011), pp. 263--278.

Digital Library

[8]

Fong, P. W. L. Relationship-based access control: Protection model and policy language. In Proceedings of CODASPY '11 (San Antonio, Texas, USA, Feb. 2011), pp. 191--202.

Digital Library

[9]

Fong, P. W. L., Mehregan, P., and Krishnan, R. Relational abstraction in community-based secure collaboration. In ACM CCS '13 (Berlin, Germany, 2013), pp. 585--598.

Digital Library

[10]

Fong, P. W. L., and Siahaan, I. Relationship-based access control policies and their policy languages. In Proceedings of SACMAT '11 (Innsbruck, Austria, June 2011), pp. 51--60.

Digital Library

[11]

Graham, G. S., and Denning, P. J. Protection: Principles and Practice. In Proceedings of AFIPS '72 (Spring) (Atlantic City, New Jersey, 1972), pp. 417--429.

Digital Library

[12]

Hu, H., and Ahn, G.-J. Multiparty authorization framework for data sharing in online social networks. In Proceedings of DBSec '11 (Richmond, VA, USA, 2011), pp. 29--43.

Digital Library

[13]

Hu, H., Ahn, G.-J., and Jorgensen, J. Detecting and resolving privacy conflicts for collaborative data sharing in online social networks. In Proceedings of ACSAC'11 (Orlando, Florida, USA, 2011), pp. 103--112.

Digital Library

[14]

Hu, H., Ahn, G.-J., and Jorgensen, J. Multiparty access control for online social networks: Model and mechanisms. IEEE TKDE 25, 7 (2013).

Digital Library

[15]

Hu, H., Ahn, G.-J., Zhao, Z., and Yang, D. Game theoretic analysis of multiparty access control in online social networks. In Proceedings of SACMAT '14 (London, Ontario, Canada, 2014), pp. 93--102.

Digital Library

[16]

Khan, A. A., and Fong, P. W. L. Satisfiability and feasibility in a relationship-based workflow authorization model. In Proceedings of ESORICS '12 (Pisa, Italy, Sept. 2012), pp. 109--126.

[17]

Lampinen, A., Lehtinen, V., Lehmuskallio, A., and Tamminen, S. We're in it together: Interpersonal management of disclosure in social network services. In Proceedings of CHI '11 (Vancouver, BC, Canada, 2011), pp. 3217--3226.

Digital Library

[18]

Le Berre, D., and Parrain, A. The sat4j library, release 2.2. Journal on Satisfiability, Boolean Modeling and Computation 7 (2010), 59--64.

[19]

Li, N., and Tripunitara, M. V. On Safety in Discretionary Access Control. In Proceedings of IEEE S&P '05 (Oakland, CA, May 2005), pp. 96--109.

Digital Library

[20]

Mehregan, P. Multiple Ownership in Access Control. PhD thesis, University of Calgary, March 2016.

[21]

Mehregan, P., and .Fong, P. W. L. Design patterns for multiple stakeholders in social computing. In Proceedings DBSec '14. July 2014, pp. 163--178.

Digital Library

[22]

Rizvi, S. Z. R., Fong, P. W., Crampton, J., and Sellwood, J. Relationship-based access control for an open-source medical records system. In Proceedings of SACMAT '15 (Vienna, Austria, 2015), pp. 113--124.

Digital Library

[23]

Squicciarini, A. C., Shehab, M., and Wede, J. Privacy Policies for Shared Content in Social Network Sites. The VLDB Journal 19, 6 (Dec. 2010), 777--796.

Digital Library

[24]

Squicciarini, A. C., Xu, H., and Zhang, X. L. CoPE : Enabling collaborative privacy management in online social networks. Journal of the American Society for Information Science 62, 3 (2011), 521--534.

Digital Library

[25]

Such, J. M., and Criado, N. Adaptive conflict resolution mechanism for multi-party privacy management in social media. In Proceedings of WPES '14 (Scottsdale, Arizona, USA, 2014), pp. 69--72.

Digital Library

[26]

Thomas, K., Grier, C., and Nicol, D. M. Unfriendly: Multi-party privacy risks in social networks. In Proceedings of PETS '10 (Berlin, Germany, July 2010), pp. 236--252.

Digital Library

[27]

Torán, J. On the resolution complexity of graph non-isomorphism. In Proceedings of SAT'13 (Helsinki, Finland, July 2013), pp. 52--66.

Digital Library

[28]

Wang, Q., and Li, N. Satisfiability and resiliency in workflow authorization systems. ACM TISSEC 13, 4 (Dec. 2010).

Digital Library

[29]

Winsborough, W. H., and Li, N. Safety in automated trust negotiation. In IEEE S&P '04 (Oakland, California, USA, May 2004), pp. 147--160.

[30]

Wishart, R., Corapi, D., Marinovic, S., and Sloman, M. Collaborative privacy policy authoring in a social networking context. In Proceedings of IEEE POLICY'10 (Fairfax, VA, July 2010), pp. 1--8.

Digital Library

[31]

Yu, T., Winslett, M., and Seamons, K. E. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM TISSEC 6, 1 (Feb. 2003), 1--42.

Digital Library

Cited By

Kilic DCrabtree AMcGarry GGoulden M(2021)The cardboard box study: understanding collaborative data management in the connected homePersonal and Ubiquitous Computing10.1007/s00779-021-01655-926:1(155-176)Online publication date: 8-Oct-2021
https://doi.org/10.1007/s00779-021-01655-9
Guo YSun XYu MLi FGeng KLi Z(2021)Resolving Policy Conflicts for Cross-Domain Access Control: A Double Auction ApproachComputational Science – ICCS 202110.1007/978-3-030-77961-0_43(525-539)Online publication date: 9-Jun-2021
https://doi.org/10.1007/978-3-030-77961-0_43
R A(2020)User Opinion based Trust Value Prediction for Online Social NetworkInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT206491(491-500)Online publication date: 15-Aug-2020
https://doi.org/10.32628/CSEIT206491
Show More Cited By

Index Terms

Policy Negotiation for Co-owned Resources in Relationship-Based Access Control
1. Security and privacy
  1. Formal methods and theory of security

Recommendations

Classifying and Comparing Attribute-Based and Relationship-Based Access Control
CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

Attribute-based access control (ABAC) expresses authorization policy via attributes while relationship-based access control (ReBAC) does so via relationships. While ABAC concepts have been around for a long time, ReBAC is relatively recent emerging with ...
A propositional policy algebra for access control

Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources,...
Building access control policy model for privacy preserving and testing policy conflicting problems

This paper proposes a purpose-based access control model in distributed computing environment for privacy preserving policies and mechanisms, and describes algorithms for policy conflicting problems. The mechanism enforces access policy to data ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '16: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies

June 2016

248 pages

ISBN:9781450338028

DOI:10.1145/2914642

General Chair:
X. Sean Wang
Fudan University, China
,
Program Chairs:
Lujo Bauer
Carnegie Mellon University, USA
,
Florian Kerschbaum
SAP, Germany

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSERC Discovery Grant
Canada Research Chair

Conference

SACMAT 2016

Sponsor:

SIGSAC

SACMAT 2016: The 21st ACM Symposium on Access Control Models and Technologies

June 6 - 8, 2016

Shanghai, China

Acceptance Rates

SACMAT '16 Paper Acceptance Rate 18 of 55 submissions, 33%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
309
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)2

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kilic DCrabtree AMcGarry GGoulden M(2021)The cardboard box study: understanding collaborative data management in the connected homePersonal and Ubiquitous Computing10.1007/s00779-021-01655-926:1(155-176)Online publication date: 8-Oct-2021
https://doi.org/10.1007/s00779-021-01655-9
Guo YSun XYu MLi FGeng KLi Z(2021)Resolving Policy Conflicts for Cross-Domain Access Control: A Double Auction ApproachComputational Science – ICCS 202110.1007/978-3-030-77961-0_43(525-539)Online publication date: 9-Jun-2021
https://doi.org/10.1007/978-3-030-77961-0_43
R A(2020)User Opinion based Trust Value Prediction for Online Social NetworkInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT206491(491-500)Online publication date: 15-Aug-2020
https://doi.org/10.32628/CSEIT206491
Cheung KHuth MKirk LLundbæk LMarques RPetsche JKerschbaum FMashatan ANiu JLee A(2019)Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital EcosystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3326326(73-81)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3326326
Fong PAhn GThuraisingham BKantarcioglu MKrishnan R(2019)Results in Workflow ResiliencyProceedings of the Ninth ACM Conference on Data and Application Security and Privacy10.1145/3292006.3300038(185-196)Online publication date: 13-Mar-2019
https://dl.acm.org/doi/10.1145/3292006.3300038
Xu LJiang CHe NHan ZBenslimane A(2019)Trust-Based Collaborative Privacy Management in Online Social NetworksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2018.284048814:1(48-60)Online publication date: Jan-2019
https://doi.org/10.1109/TIFS.2018.2840488
Paci FSquicciarini AZannone N(2018)Survey on Access Control for Community-Centered Collaborative SystemsACM Computing Surveys10.1145/314602551:1(1-38)Online publication date: 4-Jan-2018
https://dl.acm.org/doi/10.1145/3146025
Fang LYin LGuo YWang ZLi F(2018)Resolving Access Conflicts: An Auction-Based Incentive ApproachMILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM.2018.8599819(1-6)Online publication date: Oct-2018
https://doi.org/10.1109/MILCOM.2018.8599819
Cuppens NZerkane SLi YEspes DLe Parc PCuppens F(2017)Firewall Policies Provisioning Through SDN in the CloudData and Applications Security and Privacy XXXI10.1007/978-3-319-61176-1_16(293-310)Online publication date: 22-Jun-2017
https://doi.org/10.1007/978-3-319-61176-1_16

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents