An authorization model for cross-enterprise collaborations

In the modern enterprise world, collaboration has emerged as a standard of best business practice. In order to build competitive advantages and minimize inefficiencies, organizations nowadays pursue strategic alliances with partners outside the comfort of familiar security zones, loosen their hierarchical structures, exploit "edge" competencies, and aggregate diverse and heterogeneous sources of information. Nevertheless, such techniques dictate the concentration, use, and circulation of corporate information and sensitive personal data and thus raise severe information confidentiality and privacy concerns. Hence, employing the appropriate collaboration technology is not sufficient; a potential lack of successful protection mechanisms limits the effectiveness of partnerships and prevents the respective investments from reaching their full potential. In this paper, an authorization framework for the protection of sensitive resources in cross-enterprise scenarios is presented. The proposed framework is founded on a semantic information model, which integrates individual privacy preferences, organizational access control rules, and information handling policies into the authorization determination procedure. Partners within the framework are organized in a bridged federated architecture in order to build a secure communication network, within which semantic and trust interoperability is guaranteed. Copyright © 2014 John Wiley & Sons, Ltd.
