Towards Decentralised Security Policies for e-Health Collaborations

Security in decentralised collaborative environments presents huge challenges where many entities from different autonomous security domains want to access and share resources. This is largely due to cross-boundary issues where security credentials and policies are heterogeneous, and where yielding control to a centralised authority is not an option. Numerous cross-boundary approaches exist today, and trust negotiation remains a promising solution that is rapidly evolving. In this paper we present dynamic trust negotiation, an approach that folds remote security credentials into local security credentials through trust contracts, thereby bridging the gap that makes decentralised security policies for multi-domain collaboration difficult. We show how trust can be realised between strangers through trusted intermediaries where direct trust negotiation between these strangers is otherwise unacceptable.
