Abstract
Today, there is an increasing need for dynamic, efficient and secure sharing of resources among organizations. In a dynamic coalition environment, participants (including users and systems) of an organization may need to gain access quickly to resources of other organizations in an unplanned manner to accomplish the task at hand. Typically, when entities agree to share their information resources, the access control policies are agreed upon at the coalition level. These coalition-level agreements are not at the level of fine-grained policies, in the sense that they do not specify which specific users can access which data object. In this paper, we propose a dynamic coalition-based access control (DCBAC) model that allows automatic access to resources of one coalition entity by users from another coalition entity. To make the model applicable to true ad-hoc dynamic coalitions, we employ a coalition service registry, where coalition entities publicize their coalition-level access policies. Any coalition entity wishing to access a specific resource of another coalition entity can obtain a ticket by submitting its entity credentials, which are subsequently evaluated by the coalition service registry. DCBAC employs a policy mapper layer that computes the exact credentials required by remote users that are comparable to those required by local users. We demonstrate how the coalition-level and resource-level access policies can be specified in XML-based languages and evaluated.
The work of Warner and Atluri is supported in part by the NSF under grant IIS-0306838.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Warner, J., Atluri, V., Mukkamala, R. (2005). A Credential-Based Approach for Facilitating Automatic Resource Sharing Among Ad-Hoc Dynamic Coalitions. In: Jajodia, S., Wijesekera, D. (eds) Data and Applications Security XIX. DBSec 2005. Lecture Notes in Computer Science, vol 3654. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11535706_19
DOI: https://doi.org/10.1007/11535706_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28138-2
Online ISBN: 978-3-540-31937-5
eBook Packages: Computer Science (R0)