Policy-driven role-based access management for ad-hoc collaboration

Gail-Joon Ahn, Jing Jin, Mohamed Shehab

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Ad-hoc collaboration is a newly emerged environment enabling distributed collaborators to share resources. The dynamic nature and unique sharing pattern in ad-hoc collaboration pose great challenges for security services to accommodate both access control and trust management requirements in providing controlled resource sharing. In this paper, we propose a comprehensive, integrated and implemented access management framework, called RAMARS, for secure digital information sharing in ad-hoc collaboration. Our framework incorporates a role-based approach to leverage the originator control, delegation and dissemination control. A trust awareness feature is integrated for dynamic user-role assignment based on user attributes. The access control policies are formally specified, and a peer-to-peer scientific information sharing system - ShareEnabler - is presented to demonstrate the feasibility of our approach. The performance evaluation of our prototype system with potential system improvements is also discussed.

Original language: English (US)
Pages (from-to): 223-257
Number of pages: 35
Journal: Journal of Computer Security
Volume: 20
Issue number: 2-3
DOIs: 10.3233/JCS-2012-0446
State: Published - 2012

Fingerprint

Access control
Law enforcement

Keywords

  • access management
  • Ad-hoc collaboration
  • policy enforcement
  • security architecture
  • XACML

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Policy-driven role-based access management for ad-hoc collaboration. / Ahn, Gail-Joon; Jin, Jing; Shehab, Mohamed.

In: Journal of Computer Security, Vol. 20, No. 2-3, 2012, p. 223-257.


Ahn, Gail-Joon ; Jin, Jing ; Shehab, Mohamed. / Policy-driven role-based access management for ad-hoc collaboration. In: Journal of Computer Security. 2012 ; Vol. 20, No. 2-3. pp. 223-257.
@article{e3a73a75876040a99e8cc759b49b3eca,
title = "Policy-driven role-based access management for ad-hoc collaboration",
abstract = "Ad-hoc collaboration is a newly emerged environment enabling distributed collaborators to share resources. The dynamic nature and unique sharing pattern in ad-hoc collaboration pose great challenges for security services to accommodate both access control and trust management requirements in providing controlled resource sharing. In this paper, we propose a comprehensive, integrated and implemented access management framework, called RAMARS, for secure digital information sharing in ad-hoc collaboration. Our framework incorporates a role-based approach to leverage the originator control, delegation and dissemination control. A trust awareness feature is integrated for dynamic user-role assignment based on user attributes. The access control policies are formally specified, and a peer-to-peer scientific information sharing system - ShareEnabler - is presented to demonstrate the feasibility of our approach. The performance evaluation of our prototype system with potential system improvements is also discussed.",
keywords = "access management, Ad-hoc collaboration, policy enforcement, security architecture, XACML",
author = "Gail-Joon Ahn and Jing Jin and Mohamed Shehab",
year = "2012",
doi = "10.3233/JCS-2012-0446",
language = "English (US)",
volume = "20",
pages = "223--257",
journal = "Journal of Computer Security",
issn = "0926-227X",
publisher = "IOS Press",
number = "2-3",

}
