CATRAC: Context-Aware Trust- and Role-Based Access Control for Composite Web Services

Web Services are at the heart of many Internet-based e-business systems. Security issues in Web Services are critical for the continuity of the provided services. Solutions such as Role-Based Access Control and Trust-Based Access Control were proposed to address security threats in single Web Service scenarios. These solutions do not fully provide the required level of security for composite Web Services. We present a new security framework for composite Web Services that combines role-based and trust-based access control. We verify the correctness and performance of the proposed framework and show simulation results from a prototype implementation.
