Abstract
In dynamic collaboration, participants often need to share resources with each other under the same criteria. However, since each participant has its own authorization policies as a way of controlling resource access, the discrepancies between these policies make such collaboration difficult. A practical and automatic way to generate collaborative policies for coequal authorization is therefore desirable. In this paper, we investigate this problem by proposing an authorization framework based on the widely adopted XACML policy. Each practical XACML policy is converted into Boolean expressions and further refined as a set of atomic rules against the policy structure. With the rule set, the combination algorithms in policies and the collaboration preference of participants, the collaborative authorization policy is automatically generated. We analyze the consistency of the collaborative policies with previous authorization policies. Some experiments are performed to examine our approach and show that it can efficiently solve the problem of coequal authorizations.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, Y., Chen, C. (2011). Towards Coequal Authorization for Dynamic Collaboration. In: Zhong, N., Callaghan, V., Ghorbani, A.A., Hu, B. (eds) Active Media Technology. AMT 2011. Lecture Notes in Computer Science, vol 6890. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23620-4_26
DOI: https://doi.org/10.1007/978-3-642-23620-4_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23619-8
Online ISBN: 978-3-642-23620-4
eBook Packages: Computer Science (R0)