Managing access control policy from end user perspective in collaborative environment

Currently, collaborative environments offer unlimited data sharing for users. Data owners are poorly involved in handling their data for such environment when it deals with data policy. Normally, data access control policy consists of a resource and authorization descriptions which are assigned by the administrator. It is the responsibility of the administrator to set and specify the policy for application services. The policy details are massive and complex for administrator to handle where most of the times there will be cases of unreview services. This paper proposes a framework that allows data owners to provision policies for storing and managing their shared data with third parties. By adapting RBAC model and adding owner's interest on permissions for data operations and objects, the proposed framework will facilitate data access control whereby owners have the freedom to set their own data access policy.

[1]  Elisa Bertino,et al.  A Trust-Based Context-Aware Access Control Model for Web-Services , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[2]  Nasiroh Omar,et al.  Data sharing in networked environments: organization, platforms and issues , 2011 .

[3]  Puneet Gupta,et al.  Abductive Analysis of Administrative Policies in Rule-Based Access Control , 2014, IEEE Transactions on Dependable and Secure Computing.

[4]  Ravi S. Sandhu,et al.  How to do discretionary access control using roles , 1998, RBAC '98.

[5]  Mikhail I. Gofman,et al.  User-Role Reachability Analysis of Evolving Administrative Role Based Access Control , 2010, ESORICS.

[6]  Stephan Reiff-Marganiec,et al.  Feature interaction in policies , 2004, Comput. Networks.

[7]  Sita Zaleha Zainal Abidin Interaction and interest management in a scripting language , 2006 .

[8]  Puneet Gupta,et al.  Abductive Analysis of Administrative Policies in Rule-Based Access Control , 2014, IEEE Trans. Dependable Secur. Comput..

[9]  Stephan Reiff-Marganiec,et al.  Policy Support for Business-oriented Web Service Management , 2006, 2006 Fourth Latin American Web Congress.

[10]  Muthucumaru Maheswaran,et al.  An Access Control Scheme for Protecting Personal Data , 2008, 2008 Sixth Annual Conference on Privacy, Security and Trust.

[11]  Sabrina De Capitani di Vimercati,et al.  Access Control Policies, Models, and Mechanisms , 2011, Encyclopedia of Cryptography and Security.

[12]  Elisa Bertino,et al.  Access-control language for multidomain environments , 2004, IEEE Internet Computing.

[13]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.