Situation-aware access control for service-oriented autonomous decentralized systems

Service-oriented autonomous decentralized systems (S-ADS) have been presented to address the extreme dynamism in large-scale information systems. In S-ADS, various capabilities are independently constructed and managed by different providers as autonomous services that are distributed over various types of networks, including wireless and wired networks. One of the key challenges in S-ADS is to have an effective access control mechanism that can meet the dynamic and diverse security requirements of the various users and providers of an S-ADS system. Current access control mechanisms can hardly meet this challenge because they lack situation-awareness. In this paper, a situation-aware access control approach is presented. It is middleware-based and integrates situation-awareness capability with role-based access control (RBAC) models to provide a practical solution for access control in S-ADS. The situation-aware RBAC model is designed for specifying dynamic access policies in an S-ADS system. Because of the situation-awareness capability of our approach, flexible and fine-grained access policies can be specified and enforced for various providers and users.
