Managing Uncertainty in Access Control Decisions in Distributed Autonomous Collaborative Environments
Coalitions of autonomous domains gain constantly interest during the last years due to the various fields of their potential application. A lot of challenges of both academic as well as of practical nature are related with their deployment. Among else, the distributed nature of a coalition demands special focus in respect to security management. In this paper we argue about the necessity for adjustable security mechanisms towards the security management of multi-domain environments; we describe an approach that allows determination of preferences when defining access control permissions over the shared objects. We handle such preferences by encoding access control constraints using fuzzy relations and we describe a prototype security architecture that implements the basic principles of our approach.
KeywordsAccess Control Fuzzy Relation Security Management Access Control Policy Access Request
Unable to display preview. Download preview PDF.
- 3.Ruttkay, Z.: Fuzzy constraint satisfaction. In: Proc. 3rd IEEE International Conference on Fuzzy Systems, pp. 1263–1268 (1994)Google Scholar
- 4.Dubois, D., Fargier, H., Prade, H.: The calculus of fuzzy restrictions as a basis for flexible constraint satisfaction. In: Proc. IEEE International Conference on Fuzzy Systems, pp. 1131–1136. IEEE Computer Society, Los Alamitos (1993)Google Scholar
- 6.Mukkamala, R., Atluri, V., Warner, J.: A Distributed Service Registry for Resource Sharing among Ad-hoc Dynamic Coalitions. In: Proc. of IFIP Joint Working Conference on Security Management, Integrity, and Internal Control in Information systems. LNCS, Springer, Heidelberg (2005)Google Scholar
- 7.XACML Extensible access control markup language specification 2.0, OASIS Standard (March 2004), available at http://www.oasis-open.org
- 8.Hughes, et al.: Technical Overview of the OASIS Security Assertion Markup Language (SAML) V1.1.OASIS, http://xml.coverpages.org/saml.html
- 10.Belokolsztolszki, A., Eyers, D., Moody, K.: Policy Contexts: Controlling Information Flow in Parameterised RBAC. In: POLICY 2003. Proc. of the 4th Int. Workshop on Policies for Distributed Systems and Networks, pp. 99–110. IEEE Press, Los AlamitosGoogle Scholar
- 11.Hosmer, H.: Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm. In: Proceedings on the 1992-1993 Workshop on New Security Paradigms (Little Compton, Rhode Island, United States), pp. 175–184. ACM Press, New YorkGoogle Scholar