Improving the Information Security of Collaborative Web Portals via Fine-Grained Role-Based Access Control

Collaborative portals are emerging as a viable technology that allows groups of individuals to easily author, create, update, and share content via easy-to-use Web-based interfaces, for example, MediaWiki, Microsoft’s SharePoint, and so forth. From a security perspective, these products are often limited and coarse-grained in their authorization and authentication. For example, in a Wiki, the security model often sits at two ends of the spectrum: anonymous users with no authorization and limited access via read-only browsing vs. registered users with a full range of access and limited oversight of content creation and modification. In practice, however, such full and unfettered access may not be appropriate for all users and for all applications, particularly as collaborative technology moves into commercial usage (where copyright and intellectual property are vital) or sensitive domains such as healthcare (which have stringent HIPAA requirements). In this chapter, we report on our research and development effort on a role-based access control approach for collaborative Web portals that encompasses and realizes security at the application level, the document level (authoring and viewing), and the look-and-feel of the portal itself.
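The following is an added illustration, not code from the chapter or from any portal it describes: a minimal policy checker that places the coarse two-tier Wiki model (anonymous read-only browsing vs. registered users with full access) beside a fine-grained alternative in which each role carries separate rights at the application level, the document level (view vs. author), and the look-and-feel level (which UI components a user sees). All role, user, document and component names are constructed for the example, and the rule that an "author" right implies "view" is an assumption of this example rather than something the chapter states.

```python
"""Added illustration: coarse two-tier portal authorization vs. fine-grained RBAC.

Not the chapter's own code. All names (roles, users, documents, UI components)
are constructed for this example.
"""
from dataclasses import dataclass, field

# Hypothetical application-level actions and look-and-feel components.
APP_ACTIONS = {"create_page", "delete_page", "manage_users"}
UI_COMPONENTS = {"edit_tab", "history_tab", "admin_menu"}


@dataclass
class Role:
    name: str
    app_actions: set[str] = field(default_factory=set)
    # Document-level rights: document id -> subset of {"view", "author"}.
    doc_rights: dict[str, set[str]] = field(default_factory=dict)
    ui_components: set[str] = field(default_factory=set)


@dataclass
class Policy:
    roles: dict[str, Role]            # role name -> Role
    assignments: dict[str, set[str]]  # user -> names of assigned roles

    def _roles_of(self, user: str) -> list[Role]:
        return [self.roles[r] for r in self.assignments.get(user, set())]

    def can_app(self, user: str, action: str) -> bool:
        """Application-level check: may the user perform a portal-wide action?"""
        return any(action in r.app_actions for r in self._roles_of(user))

    def can_doc(self, user: str, doc_id: str, right: str) -> bool:
        """Document-level check. Assumption of this example: 'author' implies 'view'."""
        for r in self._roles_of(user):
            rights = r.doc_rights.get(doc_id, set())
            if right in rights or (right == "view" and "author" in rights):
                return True
        return False

    def visible_ui(self, user: str) -> set[str]:
        """Look-and-feel level: the union of UI components the user's roles expose."""
        shown: set[str] = set()
        for r in self._roles_of(user):
            shown |= r.ui_components
        return shown


def coarse_wiki_policy() -> Policy:
    """The two-tier model: anonymous readers vs. registered users with everything."""
    docs = ["patient_notes", "public_faq"]
    return Policy(
        roles={
            "anonymous": Role("anonymous", set(), {d: {"view"} for d in docs}, set()),
            "registered": Role("registered", set(APP_ACTIONS),
                               {d: {"author"} for d in docs}, set(UI_COMPONENTS)),
        },
        assignments={"guest": {"anonymous"}, "alice": {"registered"},
                     "bob": {"registered"}},
    )


def fine_grained_policy() -> Policy:
    """The same portal with rights scoped per document, per action and per component."""
    return Policy(
        roles={
            "reader": Role("reader", set(), {"public_faq": {"view"}}, {"history_tab"}),
            "clinician": Role("clinician", {"create_page"},
                              {"patient_notes": {"author"}, "public_faq": {"view"}},
                              {"edit_tab", "history_tab"}),
            "faq_editor": Role("faq_editor", set(), {"public_faq": {"author"}},
                               {"edit_tab"}),
            # Administrators manage the portal but are given no document rights.
            "admin": Role("admin", set(APP_ACTIONS), {}, {"admin_menu"}),
        },
        assignments={"guest": {"reader"}, "alice": {"clinician"},
                     "bob": {"faq_editor"}, "carol": {"admin"}},
    )


if __name__ == "__main__":
    coarse, fine = coarse_wiki_policy(), fine_grained_policy()
    # Under the coarse model any registered user can author any page...
    print("coarse: bob authors patient_notes ->", coarse.can_doc("bob", "patient_notes", "author"))
    # ...while the fine-grained model restricts bob to the FAQ and hides the rest.
    print("fine:   bob views patient_notes   ->", fine.can_doc("bob", "patient_notes", "view"))
    print("fine:   bob sees UI components    ->", sorted(fine.visible_ui("bob")))
```

The checker is deliberately small: each level is a separate query (`can_app`, `can_doc`, `visible_ui`) so that a portal can enforce application actions at its request layer, document rights at the content layer, and component visibility when rendering, which is the three-level separation the abstract calls for.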
