TY - JOUR
T1 - Automatic enforcement of access control policies among dynamic coalitions
AU - Atluri, Vijayalakshmi
AU - Warner, Janice
N1 - Funding Information: 1 This work is supported in part by the National Science Foundation under grant IIS-0306838.
PY - 2004
Y1 - 2004
N2 - The need to securely share information on an ad-hoc basis between collaborating entities is increasingly becoming important. We propose a coalition based access control model (CBAC), comprised of three layers: coalition, role and user-object layers. Our model enables translation of coalition level policies to implementation level access control in a manner similar to that of the layers of the TCP/IP protocol. We present a coalition policy translation protocol that allows the implementation level access control details to be piggy-backed as the access control policy percolates to the coalition level, and similarly, as the coalition level policy trickles down to the implementation level. Under our approach, a user's request to access an object belonging to another coalition entity is automatically translated by employing an approach that considers attributes associated with user credentials and objects. Our approach ensures that the individual access control policies of each coalition entity as well as the agreed-upon coalition policies for sharing are enforced.
AB - The need to securely share information on an ad-hoc basis between collaborating entities is increasingly becoming important. We propose a coalition based access control model (CBAC), comprised of three layers: coalition, role and user-object layers. Our model enables translation of coalition level policies to implementation level access control in a manner similar to that of the layers of the TCP/IP protocol. We present a coalition policy translation protocol that allows the implementation level access control details to be piggy-backed as the access control policy percolates to the coalition level, and similarly, as the coalition level policy trickles down to the implementation level. Under our approach, a user's request to access an object belonging to another coalition entity is automatically translated by employing an approach that considers attributes associated with user credentials and objects. Our approach ensures that the individual access control policies of each coalition entity as well as the agreed-upon coalition policies for sharing are enforced.
UR - http://www.scopus.com/inward/record.url?scp=35048900206&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35048900206&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-540-30555-2_43
DO - https://doi.org/10.1007/978-3-540-30555-2_43
M3 - Article
SN - 0302-9743
VL - 3347
SP - 369
EP - 378
JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ER -