Abstract
The rise of the Internet has introduced dramatic changes in managing and sharing digital resources among widely dispersed groups. This paper presents a policy-driven access management approach for ad-hoc collaboration to enable secure information sharing in heterogeneous network environments. In particular, we attempt to incorporate the features of distributed role-based access control, delegation and dissemination control to meet the fundamental access control requirements associated with resource originators. These features are realized in a set of XACML-based Role-based Originator Authorization policies (ROA). We propose a security architecture, called ShareEnabler, to achieve effective authorization and enforcement mechanisms in the context of Peer-to-Peer (P2P) networking oriented file sharing. We briefly discuss our proof-of-concept prototype implementation based on an existing P2P file sharing toolkit developed by Lawrence Berkeley National Laboratory.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Baker, M., Buyya, R., Laforenza, D.: The Grid: International efforts in global computing. International Journal of Software Practice and Experience (2002)
Oram, A. (ed.): Peer-to-peer: Harnessing the power of disruptive technologies. O’Reilly, Sebastopol (2001)
Berket, K., Agarwal, D.: Enabling secure ad-hoc collaboration. In: Proceedings of the Workshop on Advanced Collaborative Environments (2003)
Berket, K., Essiari, A., Muratas, A.: PKI-based security for peer-to-peer information sharing. In: Proceedings of the Fourth IEEE International Conference on Peer-to-Peer Computing (2004)
Agarwal, D., Chevassut, O., Thompson, M.R., Tsudik, G.: An integrated solution for secure group communication in wide-area networks. In: Proceedings of the 6th IEEE Symposium on Computers and Communications, pp. 22–28 (2001)
Kihlstrom, K.P., Moser, L.E., Melliar-Smith, P.M.: The securering protocols for securing group communication. In: Proceedings of 31st IEEE HICSS, pp. 317–326 (1998)
Reiter, M.K.: Secure group membership protocol. In: Proceedings of IEEE Symposium on Research in Security and Privacy (1994)
NIH: NIH data sharing workbook (2004), http://grants.nih.gov/grants/policy/data_sharing/data_sharing_workbook.pdf
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role based access control models. IEEE Computer 29 (1996)
Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, R., R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4, 224–274 (2001)
Zhang, L., Ahn, G.J., Chu, B.T.: A rule-based framework for role-based delegation and revocation. ACM Transactions on Information and System Security (TISSEC) 6, 404–441 (2003)
Ahn, G.J., Mohan, B.: Secure information sharing using role-based delegation. Journal of Network and Computer Applications 2 (2005)
Barka, E., Sandhu, R.: Framework for role-based delegation models. In: Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC), p. 168. IEEE Computer Society, Los Alamitos (2000)
Abrams, M.D., Heaney, J., King, O., LaPadula, L.J., Lazear, M., Ol, I.M.: Generalized framework for access control: Towards prototyping the orgcon policy. In: Proceedings of the 14th National Computing Security Conference, pp. 257–266 (1991)
McCollum, C.J., Messing, J.R., Notargiacomo, L.: Beyond the pale of MAC and DAC — defining new forms of access control. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 190–200 (1990)
Park, J., Sandhu, R.: Originator control in usage control. In: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002) (2002)
Park, J., Sandhu, R.: Towards usage control models: beyond traditional access control. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pp. 57–64 (2002)
Thomas, R., Sandhu, R.: Towards a multi-dimensional characterization of dissemination control. In: Proceedings of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004) (2004)
Gnutella, http://www.gnutella.com/
RFC2246: The TLS protocol version 1.0 (1999), http://www.ietf.org/frc/rfc2246.txt
OASIS: XACML 2.0 core: extensible access control markup language (xacml) version 2.0 (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
RFC2396: Uniform resource identifiers (URI): Generic syntax (1998), http://rfc.net/rfc2396.html
OASIS: Core and hierarchical role based access control (rbac) profile of xacml v2.0 (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profile1-spec-os.pdf
ITU-T: The directory: Public-key and attribute certificate frameworks. ISO/IEC 9594-8:2001 (2001)
RSA: PKCS #12: Personal information exchange syntax standard (1999), ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jin, J., Ahn, GJ., Singhal, M. (2006). ShareEnabler: Policy-Driven Access Management for Ad-Hoc Collaborative Sharing. In: Grust, T., et al. Current Trends in Database Technology – EDBT 2006. EDBT 2006. Lecture Notes in Computer Science, vol 4254. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11896548_55
Download citation
DOI: https://doi.org/10.1007/11896548_55
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46788-5
Online ISBN: 978-3-540-46790-8
eBook Packages: Computer ScienceComputer Science (R0)