On Mutual Authorizations: Semantics, Integration Issues, and Performance

Reciprocity is a powerful determinant of human behavior. None of the existing access control models, however, captures this reciprocity phenomenon. In this paper, we introduce a new kind of grant, which we call mutual, to express authorizations that do capture it: users grant access to their resources only to users who allow them access to theirs. We define the syntax and semantics of mutual authorizations and show how this new grant can be included in the Role-Based Access Control (RBAC) model, i.e., how to extend RBAC with it. We use location-based services as an example to deploy mutual authorizations, and we propose two approaches to integrate them into these services. Next, we prove the soundness and analyze the complexity of both approaches. We also study how the ratio of mutual to allow and to deny authorizations affects the number of persons whose position a given person may read. These ratios may help in predicting whether users are willing to use mutual authorizations instead of deny or allow. Experiments confirm our complexity analysis and shed light on the performance of our approaches.
