Toward a Usage-Based Security Framework for Collaborative Computing Systems

Author:

Zhang Xinwen (1), Nakae Masayuki (2), Covington Michael J. (3), Sandhu Ravi (4)

Affiliation:

1. Samsung Information Systems America

2. NEC Corporation

3. Intel Corporation

4. University of Texas at San Antonio and TriCipher Inc.

Abstract

Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this article we propose a usage control (UCON) based security framework for collaborative applications, by following a layered approach with policy, enforcement, and implementation models, called the PEI framework. In the policy model layer, UCON policies are specified with predicates on subject and object attributes, along with system attributes as conditional constraints and user actions as obligations. General attributes include not only persistent attributes such as role and group memberships but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based authorizations in ad hoc collaborations. In the enforcement model layer, our novel framework uses a hybrid approach for subject attribute acquisition with both push and pull modes. By leveraging attribute propagations between a centralized attribute repository and distributed policy decision points, our architecture supports decision continuity and attribute mutability of the UCON policy model, as well as obligation evaluations during policy enforcement. As a proof-of-concept, we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality; General Computer Science

Cited by 61 articles.

1. Military Computing Security: Insights and Implications;Journal of The Institution of Engineers (India): Series B;2024-08-21

2. A Systematic Review of Ability-diverse Collaboration through Ability-based Lens in HCI;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11

3. Specification and Enforcement of Activity Dependency Policies using XACML;2024 10th International Symposium on System Security, Safety, and Reliability (ISSSR);2024-03-16

4. Cloud Deployment Unveiled: A Security Model Focused on Industry;2023 International Conference on Advances in Computation, Communication and Information Technology (ICAICCIT);2023-11-23

5. Review on Neural Question Generation for Education Purposes;International Journal of Artificial Intelligence in Education;2023-10-31
