Using semantics for automatic enforcement of access control policies among dynamic coalitions

Janice Warner, Vijayalakshmi Atluri, Ravi Mukkamala, Jaideep Vaidya

Research output: Chapter in Book/Report/Conference proceedingConference contribution

23 Citations (Scopus)

Abstract

In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.

Original languageEnglish (US)
Title of host publicationSACMAT'07
Subtitle of host publicationProceedings of the 12th ACM Symposium on Access Control Models and Technologies
Pages235-244
Number of pages10
DOIs
StatePublished - Aug 24 2007
EventSACMAT'07: 12th ACM Symposium on Access Control Models and Technologies - Sophia Antipolis, France
Duration: Jun 20 2007Jun 22 2007

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

OtherSACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
CountryFrance
CitySophia Antipolis
Period6/20/076/22/07

Fingerprint

Access control
Semantics

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Keywords

  • Access control
  • Coalitions
  • Collaboration
  • Semantics

Cite this

Warner, J., Atluri, V., Mukkamala, R., & Vaidya, J. (2007). Using semantics for automatic enforcement of access control policies among dynamic coalitions. In SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (pp. 235-244). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1266840.1266877
Warner, Janice ; Atluri, Vijayalakshmi ; Mukkamala, Ravi ; Vaidya, Jaideep. / Using semantics for automatic enforcement of access control policies among dynamic coalitions. SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. 2007. pp. 235-244 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).
@inproceedings{bc3778c0faca4b18a333ddae78931875,
title = "Using semantics for automatic enforcement of access control policies among dynamic coalitions",
abstract = "In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.",
keywords = "Access control, Coalitions, Collaboration, Semantics",
author = "Janice Warner and Vijayalakshmi Atluri and Ravi Mukkamala and Jaideep Vaidya",
year = "2007",
month = "8",
day = "24",
doi = "10.1145/1266840.1266877",
language = "English (US)",
isbn = "1595937455",
series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",
pages = "235--244",
booktitle = "SACMAT'07",

}

Warner, J, Atluri, V, Mukkamala, R & Vaidya, J 2007, Using semantics for automatic enforcement of access control policies among dynamic coalitions. in SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 235-244, SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies, Sophia Antipolis, France, 6/20/07. https://doi.org/10.1145/1266840.1266877

Using semantics for automatic enforcement of access control policies among dynamic coalitions. / Warner, Janice; Atluri, Vijayalakshmi; Mukkamala, Ravi; Vaidya, Jaideep.

SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. 2007. p. 235-244 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Using semantics for automatic enforcement of access control policies among dynamic coalitions

AU - Warner, Janice

AU - Atluri, Vijayalakshmi

AU - Mukkamala, Ravi

AU - Vaidya, Jaideep

PY - 2007/8/24

Y1 - 2007/8/24

N2 - In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.

AB - In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.

KW - Access control

KW - Coalitions

KW - Collaboration

KW - Semantics

UR - http://www.scopus.com/inward/record.url?scp=34548016797&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34548016797&partnerID=8YFLogxK

U2 - 10.1145/1266840.1266877

DO - 10.1145/1266840.1266877

M3 - Conference contribution

AN - SCOPUS:34548016797

SN - 1595937455

SN - 9781595937452

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 235

EP - 244

BT - SACMAT'07

ER -

Warner J, Atluri V, Mukkamala R, Vaidya J. Using semantics for automatic enforcement of access control policies among dynamic coalitions. In SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies. 2007. p. 235-244. (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1266840.1266877