Managing Data Security in E-Markets through Relationship Driven Access Control

Data security in e-markets is vital to maintaining trust among trading partners. In an e-market, companies must share information to improve operational efficiency in their supply chains, while at the same time access to sensitive information by rival companies must be prevented. In today's highly dynamic business environment, the relationships among companies in e-markets are constantly changing, yet these relationships determine how company information should be shared with other companies. In this paper, the authors show that existing access control models are not designed for managing data security in e-markets with dynamic company relationships, and they propose a Relationship Driven Access Control (RDAC) model to provide a better solution. In particular, the authors design a rule-based approach for managing dynamic company relationships and a secure query processing mechanism to filter shared information based on company relationships. A prototype system is developed to demonstrate and validate the authors' RDAC model.
