A Theoretical Study on Access Control Model in Federated Systems
The federation is a special case of open system where the resources are controlled and accessed by cooperation of one or more roles in the federation. The federation system needs a few special treatments like a subset ownership (i.e. multiple user ownership) of the objects, dynamic access right allocation etc. The treatments can not be handled by any combination of mandatory, discretionary and role-based access control models (i.e. MAC, DAC and RBAC). This paper gives a theoretical study on an access control model in federating systems by analysing the nature of subjects, objects and their relationships; and then proposes a generic access control model for any federation system. The safety proof shows that the federation system always remains in a safe state using the proposed federation access control model.
KeywordsAccess control models Distributed security Federation
Unable to display preview. Download preview PDF.
- 2.Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, vol. I. MITRE Corporation, Bedford (1973)Google Scholar
- 3.Biba, J.K.: Integrity considerations for secure computer systems. MITRE Co., technical report ESD-TR 76-372, pp. 1–68 (April 1977)Google Scholar
- 4.Brewer, D.F.C., Nash, M.J.: The chinese wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214 (1989)Google Scholar
- 5.Buyya, R., Ranjan, R., Calheiros, R.N.: Intercloud: utility-oriented federation of cloud computing environments for scaling of application services. In: Hsu, C.-H., Yang, L.T., Park, J.H., Yeo, S.-S. (eds.) ICA3PP 2010, Part I. LNCS, vol. 6081, pp. 13–31. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 6.Decat, M., Lagaisse, B., Joosen, W.: Toward efficient and confidentiality-aware federation of access control policies. In: Proceedings of the 7th Workshop on Middleware for Next Generation Internet Computing, MW4NG 2012, pp. 4:1–4:6. ACM, NY (2012)Google Scholar
- 8.Dong, G., Cui, G., Shi, W., Miao, Y.: Community health records and hospital medical record file sharing system model. In: 2011 IEEE 2nd International Conference on Software Engineering and Service Science (ICSESS), pp. 146–148 (2011)Google Scholar
- 9.Ferraiolo, D., Kuhn, D.: Role-based access control. In: 15th National Computer Security Conference, pp. 554–563 (October 1992)Google Scholar
- 10.Rao, V., Jaeger, T.: Dynamic mandatory access control for multiple stakeholders. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, pp. 53–62. ACM, New York (2009)Google Scholar
- 12.Wenchao, Z., Yafen, L.: Federation access control model based on web-service. In: 2010 International Conference on E-Business and E-Government (ICEE), pp. 38–41 (2010)Google Scholar
- 13.Zhang, R., Liu, L.: Security models and requirements for healthcare application clouds. In: 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD), pp. 268–275 (2010)Google Scholar