Towards a Scalable and Dynamic Access Control System for Web Services

Web services are vulnerable to different types of security attacks, and securing access to web-based applications is becoming increasingly complex. Management complexity arises from scalability considerations, such as the large number of web service users and their invocations, and from the fact that the access control system should take context into account. In this paper we describe the architecture of our TDRBAC (Trust and Dynamic Role Based Access Control) model, which is implemented using agent technology. This technology fulfills several requirements of web service access control by providing both context awareness and scalability. To verify the scalability of the proposed solution, we present experimental results from a prototype implemented on the JADE (Java Agent DEvelopment) platform. The performance tests show that our TDRBAC multi-agent based system meets the scaling requirements of large distributed services.
