DOI: 10.1145/1133058.1133086
Article

Role-based access management for ad-hoc collaborative sharing

Published: 07 June 2006

Abstract

Under scientific collaborations, resource sharing tends to be highly dynamic and often ad hoc. The dynamic characteristics and sharing patterns of ad-hoc collaborative sharing impose a need for comprehensive and flexible approaches to reflect and cope with the unique access control requirements associated with the ad-hoc collaboration. In this paper, we propose a role-based access management framework to enable secure resource sharing, especially focusing on the digital information sharing in the heterogeneous scientific collaboration environments. Our framework incorporates a role-based approach to address distributed access control, delegation and dissemination control involved in the resource sharing within such environments. A set of XACML-based policy schemas is proposed to specify policies on our framework. To demonstrate the feasibility of our framework, we design and implement a proof-of-concept prototype system called ShareEnabler, which is based on a peer-to-peer information sharing toolkit developed by Lawrence Berkeley National Laboratory.


Published In

SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies
June 2006
256 pages
ISBN: 1595933530
DOI: 10.1145/1133058
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. XACML-based policy framework
  2. access control
  3. ad-hoc collaboration
  4. information sharing

Qualifiers

  • Article

Conference

SACMAT06
Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Article Metrics

  • Downloads (Last 12 months): 7
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 26 Sep 2024

Cited By

  • (2022) A Security Framework for Scientific Workflow Provenance Access Control Policies. IEEE Transactions on Services Computing 15:1 (97-109). DOI: 10.1109/TSC.2019.2921586. Online publication date: 1-Jan-2022
  • (2015) Federated Access Management for Collaborative Network Environments. Proceedings of the 20th ACM Symposium on Access Control Models and Technologies (125-134). DOI: 10.1145/2752952.2752977. Online publication date: 1-Jun-2015
  • (2015) Multi-tenancy authorization models for collaborative cloud services. Concurrency and Computation: Practice & Experience 27:11 (2851-2868). DOI: 10.1002/cpe.3446. Online publication date: 10-Aug-2015
  • (2014) A chain calling in coordination for multi-tenant collaborative cloud services. 2014 International Computer Science and Engineering Conference (ICSEC) (302-307). DOI: 10.1109/ICSEC.2014.6978212. Online publication date: Jul-2014
  • (2014) CooPeD. Computers and Security 47:C (41-65). DOI: 10.1016/j.cose.2014.06.003. Online publication date: 1-Nov-2014
  • (2013) Security and Access Control in Mobile ad hoc Networks. Building Next-Generation Converged Networks (221-242). DOI: 10.1201/b14574-11. Online publication date: 6-May-2013
  • (2013) Multi-tenancy authorization models for collaborative cloud services. 2013 International Conference on Collaboration Technologies and Systems (CTS) (132-138). DOI: 10.1109/CTS.2013.6567218. Online publication date: May-2013
  • (2013) Data sharing in the sciences. Annual Review of Information Science and Technology 45:1 (247-294). DOI: 10.1002/aris.2011.1440450113. Online publication date: 2-Jan-2013
  • (2012) Enforcement of access control policy for mobile ad hoc networks. Proceedings of the Fifth International Conference on Security of Information and Networks (47-52). DOI: 10.1145/2388576.2388582. Online publication date: 25-Oct-2012
  • (2011) Data sharing in the sciences. Annual Review of Information Science and Technology 45:1 (247-294). DOI: 10.5555/2766865.2766878. Online publication date: 1-Jan-2011
