Managing Uncertainty in Access Control Decisions in Distributed Autonomous Collaborative Environments

  • Petros Belsis
  • Stefanos Gritzalis
  • Christos Skourlas
  • Vassilis Tsoukalas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4846)


Coalitions of autonomous domains gain constantly interest during the last years due to the various fields of their potential application. A lot of challenges of both academic as well as of practical nature are related with their deployment. Among else, the distributed nature of a coalition demands special focus in respect to security management. In this paper we argue about the necessity for adjustable security mechanisms towards the security management of multi-domain environments; we describe an approach that allows determination of preferences when defining access control permissions over the shared objects. We handle such preferences by encoding access control constraints using fuzzy relations and we describe a prototype security architecture that implements the basic principles of our approach.


Access Control Fuzzy Relation Security Management Access Control Policy Access Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barker, S., Stuckey, P.: Flexible Access Control Policy Specification with Constraint logic programming. ACM Trans. Inf. Syst. Secur. 6(4), 501–546 (2003)CrossRefGoogle Scholar
  2. 2.
    Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: RBAC 2000. Proceedings of the Fifth ACM Workshop on Role-Based Access Control, pp. 47–63. ACM press, New York (2000)CrossRefGoogle Scholar
  3. 3.
    Ruttkay, Z.: Fuzzy constraint satisfaction. In: Proc. 3rd IEEE International Conference on Fuzzy Systems, pp. 1263–1268 (1994)Google Scholar
  4. 4.
    Dubois, D., Fargier, H., Prade, H.: The calculus of fuzzy restrictions as a basis for flexible constraint satisfaction. In: Proc. IEEE International Conference on Fuzzy Systems, pp. 1131–1136. IEEE Computer Society, Los Alamitos (1993)Google Scholar
  5. 5.
    Bonatti, P., di Vimercati, D.C.S., Samarati, P.: An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur (TISSEC) 5(1), 1–35 (2002)CrossRefGoogle Scholar
  6. 6.
    Mukkamala, R., Atluri, V., Warner, J.: A Distributed Service Registry for Resource Sharing among Ad-hoc Dynamic Coalitions. In: Proc. of IFIP Joint Working Conference on Security Management, Integrity, and Internal Control in Information systems. LNCS, Springer, Heidelberg (2005)Google Scholar
  7. 7.
    XACML Extensible access control markup language specification 2.0, OASIS Standard (March 2004), available at
  8. 8.
    Hughes, et al.: Technical Overview of the OASIS Security Assertion Markup Language (SAML) V1.1.OASIS,
  9. 9.
    Joshi, J.B.D., Bhatti, R., Bertino, E., Ghafoor, A.: Access Control Language for Multi-Domain Environments. IEEE Internet Computing 8(6), 40–50 (2004)CrossRefGoogle Scholar
  10. 10.
    Belokolsztolszki, A., Eyers, D., Moody, K.: Policy Contexts: Controlling Information Flow in Parameterised RBAC. In: POLICY 2003. Proc. of the 4th Int. Workshop on Policies for Distributed Systems and Networks, pp. 99–110. IEEE Press, Los AlamitosGoogle Scholar
  11. 11.
    Hosmer, H.: Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm. In: Proceedings on the 1992-1993 Workshop on New Security Paradigms (Little Compton, Rhode Island, United States), pp. 175–184. ACM Press, New YorkGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Petros Belsis
    • 1
  • Stefanos Gritzalis
    • 1
  • Christos Skourlas
    • 2
  • Vassilis Tsoukalas
    • 3
  1. 1.Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, SamosGreece
  2. 2.Department of Informatics, Technological Education Institute, AthensGreece
  3. 3.Department of Industrial Informatics, Technological Education Institute, KavalaGreece

Personalised recommendations