An attribute graph based approach to map local access control policies to credential based access control policies

Janice Warner, Vijayalakshmi Atluri, Ravi Mukkamala

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Due to the proliferation of the Internet and web based technologies, today's collaborations among organizations are increasingly short-lived, dynamic, and therefore formed in an ad-hoc manner to serve a specific purpose. Such example environments include web-services, dynamic coalitions, grid computing and ubiquitous computing. These environments necessitate the need for dynamic, efficient and secure sharing of resources among disparate organizations. Although such secure sharing of resources can be achieved by means of traditional access control and authentication mechanisms, they are administratively difficult when the partnerships and interactions are short-lived and constantly changing. When allowing sharing of resources, the organization must ensure that its own security policies are adhered to. Our proposal is to allow users, external to the organization, access to internal resources of the organization, if they possess certain attributes similar to those possessed by the internal users, We begin by first examining the internal security policies within an organization and attempt to map them to credential based policies. In essence, we identify the attributes possessed by internal users relevant to a security policy, and map them to credential attributes that are understood across organizations. Access can then be granted to users once they submit these required credentials with the identified attributes. We present an attribute graph based methodology to accomplish such a mapping, In this paper, we assume that the local access control policies are limited to Role Based Access Control (RBAC) policies.

Original languageEnglish (US)
Title of host publicationInformation Systems Security - First International Conference, ICISS 2005, Proceedings
Pages134-147
Number of pages14
DOIs
StatePublished - 2005
Event1st International Conference on Information Systems Security, ICISS 2005 - Kolkata, India
Duration: Dec 19 2005Dec 21 2005

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3803 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other1st International Conference on Information Systems Security, ICISS 2005
CountryIndia
CityKolkata
Period12/19/0512/21/05

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'An attribute graph based approach to map local access control policies to credential based access control policies'. Together they form a unique fingerprint.

Cite this