Article, DOI: 10.1007/978-3-030-86586-3_9

A Category-Based Framework for Privacy-Aware Collaborative Access Control

Published: 27 September 2021

Abstract

The increased availability of portable devices with high computational power gave rise to the phenomenon of Bring Your Own Device (BYOD): a situation in which an employee uses his own device to access sensitive enterprise resources. This situation in turn created a new conflict: an employee wants to keep his data private, and an employer wants to preserve the confidentiality of its sensitive resources. Since in the case of BYOD both employees’ and employers’ data are stored on the employee’s device, a problem of distributed and collaborative access control appears.
In this paper we propose a novel framework for distributed systems with multiparty data ownership. The underlying formal model is based on the notion of Category-Based Access Control (CBAC). It is expanded with a concept of categories, representing a remote third-party policy decision point. The model is designed and evaluated against requirements for collaborative systems.


Cited By

  • (2022) “Do Metaphors Influence the Usability of Access Control?”: A Gamified Survey. Proceedings of Mensch und Computer 2022, pp. 472-476. DOI: 10.1145/3543758.3547559. Online publication date: 4-Sep-2022

Published In

Trust, Privacy and Security in Digital Business: 18th International Conference, TrustBus 2021, Virtual Event, September 27–30, 2021, Proceedings
Sep 2021
174 pages
ISBN: 978-3-030-86585-6
DOI: 10.1007/978-3-030-86586-3

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

1. Usable security
2. Privacy
3. BYOD
4. Access control
5. CBAC
