Towards Coequal Authorization for Dynamic Collaboration

In dynamic collaboration, participants often need to share resources with each other under the same criteria. However, each participant controls resource access with its own authorization policies, and the discrepancies between these policies make such collaboration difficult. A practical and automatic way to generate collaborative policies for coequal authorization is therefore desirable. In this paper, we investigate this problem by proposing an authorization framework based on the widely adopted XACML policy. Each practical XACML policy is converted into Boolean expressions and further refined as a set of atomic rules against the policy structure. With the rule set, the combination algorithms in policies and the collaboration preference of participants, the collaborative authorization policy is automatically generated. We analyze the consistency of the collaborative policies with previous authorization policies. Experiments are performed to examine our approach and show that it can efficiently solve the problem of coequal authorization.
