Models for coalition-based access control (CBAC)

To effectively participate in modern coalitions, member organizations must be able to share specific data and functionality with coalition partners, while ensuring that their resources are safe from inappropriate access. This requires access control models, policies, and enforcement mechanisms for coalition resources. This paper describes a family of coalition-based access control (CBAC) models, developed to provide a range of expressivity with an accompanying range of implementation complexity. We define the protection state of a system, which provides the semantics of CBAC-based access policies. Finally, we briefly examine some of the issues for coalition access policy development and administration, and the complexity of implementing access enforcement mechanisms in a coalition environment.
