A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments

We investigate a security framework for collaborative applications that relies on the role-based access control (RBAC) model. In our framework, roles are pre-defined and organized in a hierarchy (partial order). However, we assume that users are not previously identified; therefore the actions that they can perform are dynamically determined based on their own attribute values and on the attribute values associated with the resources. Those values can vary over time (e.g., the user’s location or whether the resource is open for visiting), thus enabling or disabling a user’s ability to perform an action on a particular resource. In our framework, constraint values form partial orders and determine the association of actions with the resources and of users with roles. We have implemented our framework by exploring the capabilities of semantic web technologies, and in particular of OWL 1.1, to model both our framework and the domain of interest and to perform several types of reasoning. In addition, we have implemented a user interface whose purpose is twofold: (1) to offer a visual explanation of the underlying reasoning by displaying roles and their associations with users (e.g., as the users’ locations vary); and (2) to enable monitoring of users that are involved in a collaborative application. Our interface uses the Google Maps API and is particularly suited to collaborative applications where the users’ geospatial locations are of interest.
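As an added illustration (not the paper's implementation, which performs this reasoning in OWL 1.1), the following Python sketch models the two dynamic associations the abstract describes: users are assigned roles from their current attribute values, and actions are associated with resources from resource attributes, with both the location constraint values and the role hierarchy treated as partial orders. The role names, locations, clearance levels and actions are constructed for the example.

```python
# Constructed example: locations form a containment partial order (Room101 in BuildingA in Campus).
LOCATION_PARENT = {"Room101": "BuildingA", "BuildingA": "Campus",
                   "Campus": None, "Offsite": None}

def within(loc, region):
    """True if loc equals region or is contained in it (the order on locations)."""
    while loc is not None:
        if loc == region:
            return True
        loc = LOCATION_PARENT[loc]
    return False

# Role hierarchy (partial order): a senior role inherits its juniors' actions.
ROLE_JUNIORS = {"coordinator": {"member"}, "member": {"visitor"}, "visitor": set()}

def dominated_roles(role):
    """The role itself plus every role junior to it in the hierarchy."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(ROLE_JUNIORS[r])
    return seen

# User-role assignment constraints, evaluated on the user's current attributes.
ROLE_CONSTRAINTS = {
    "visitor": lambda u: within(u["location"], "Campus"),
    "member": lambda u: within(u["location"], "Campus") and u["clearance"] >= 1,
    "coordinator": lambda u: within(u["location"], "BuildingA") and u["clearance"] >= 2,
}

# Action-resource association: the role required plus a resource-attribute constraint.
ACTION_CONSTRAINTS = {
    "visit": ("visitor", lambda r: r["open"]),
    "annotate": ("member", lambda r: r["open"]),
    "close": ("coordinator", lambda r: True),
}

def active_roles(user):
    return {r for r, ok in ROLE_CONSTRAINTS.items() if ok(user)}  # re-evaluated per request

def permitted(user, action, resource):
    """Decide an access request from the two dynamic associations above."""
    required, resource_ok = ACTION_CONSTRAINTS[action]
    if not resource_ok(resource):          # resource attribute disables the action
        return False
    held = set().union(*(dominated_roles(r) for r in active_roles(user)))
    return required in held
```

Moving the same user from Room101 to Offsite, or closing the resource, changes the decision without any change to the role or policy definitions, which is the dynamic behaviour the abstract describes.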
