Affiliation:
1. Samsung Information Systems America
2. NEC Corporation
3. Intel Corporation
4. University of Texas at San Antonio and TriCipher Inc.
Abstract
Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this article we propose a usage control (UCON) based security framework for collaborative applications, by following a layered approach with policy, enforcement, and implementation models, called the PEI framework. In the policy model layer, UCON policies are specified with predicates on subject and object attributes, along with system attributes as conditional constraints and user actions as obligations. General attributes include not only persistent attributes such as role and group memberships but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based authorizations in ad hoc collaborations. In the enforcement model layer, our novel framework uses a hybrid approach for subject attribute acquisition with both push and pull modes. By leveraging attribute propagations between a centralized attribute repository and distributed policy decision points, our architecture supports decision continuity and attribute mutability of the UCON policy model, as well as obligation evaluations during policy enforcement. As a proof-of-concept, we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Cited by
61 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Military Computing Security: Insights and Implications;Journal of The Institution of Engineers (India): Series B;2024-08-21
2. A Systematic Review of Ability-diverse Collaboration through Ability-based Lens in HCI;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11
3. Specification and Enforcement of Activity Dependency Policies using XACML;2024 10th International Symposium on System Security, Safety, and Reliability (ISSSR);2024-03-16
4. Cloud Deployment Unveiled: A Security Model Focused on Industry;2023 International Conference on Advances in Computation, Communication and Information Technology (ICAICCIT);2023-11-23
5. Review on Neural Question Generation for Education Purposes;International Journal of Artificial Intelligence in Education;2023-10-31