A Hybrid Sharing Control Model for Context Sharing and Privacy in Collaborative Systems

Complex Web-based information systems involving multiple entities and their dynamic mobile-based collaborations require efficient techniques for context information sharing. Sharing control is a requirement for preserving the privacy of personal context and shared context. Our sharing control mechanism is hybrid, based on sharing control rules defined by enterprise as well as by individuals users. Our complex scenario involves multiple entities which require prioritization and conflict handling mechanism for entities and their policy rules. This paper presents a sharing control model, Web services-based architecture and its implementation with a running example. The system is evaluated by comparing our hybrid sharing control policy with enterprise-defined role -based policy and shows effectiveness of our hybrid policy in collaborative information sharing environments.

[1]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[2]  Gail-Joon Ahn,et al.  Authorization management for role-based collaboration , 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).

[3]  Schahram Dustdar,et al.  DySCon: Dynamic Sharing Control for Distributed Team Collaboration in Networked Enterprises , 2009, 2009 IEEE Conference on Commerce and Enterprise Computing.

[4]  Schahram Dustdar,et al.  Context-aware Sharing Control using Hybrid Roles in Inter-enterprise Collaboration , 2010, ICSOFT.

[5]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[6]  Seng-Phil Hong,et al.  Access control in collaborative systems , 2005, CSUR.

[7]  Tai-Myung Chung,et al.  Context-Role Based Access Control for Context-Aware Application , 2006, HPCC.

[8]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[9]  Emil C. Lupu,et al.  Conflicts in Policy-Based Distributed Systems Management , 1999, IEEE Trans. Software Eng..

[10]  Thomas Springer,et al.  Context-Dependent Access Control for Contextual Information , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[11]  Vipin Swarup,et al.  Everybody Share: The Challenge of Data-Sharing Systems , 2008, Computer.

[12]  Jadwiga Indulska,et al.  Dynamic conflict detection in policy-based management systems , 2002, Proceedings. Sixth International Enterprise Distributed Object Computing.

[13]  Stavros A. Koubias,et al.  A dynamic context-aware access control architecture for e-services , 2006, Comput. Secur..

[14]  Nora Cuppens-Boulahia,et al.  High Level Conflict Management Strategies in Advanced Access Control Models , 2007, ICS@SYNASC.