A pragmatic approach towards secure sharing of digital objects
Pages 3914 - 3926
Abstract
Current access control models have limitations in scenarios where digital objects are decomposed into smaller objects before sharing. We propose an access control model digital object-based access model for such scenarios involving object decomposition. Our model applies to the generic class of objects composing of documents, videos, and audio. We use temporal logic of actions to formally specify access policies in our model and verify different properties. Using mathematical modelling and simulation, we compare the usability and performance of our model in comparison with the widely used traditional access control model and role-based access control model. With business process outsourcing as an example, we demonstrate that our model also yields a considerable reduction in the number of access permissions to be managed by an administrator as compared with other two models. Simulations show an improvement in the time required for access authorization in our model as compared with these two models. These improvements exhibited by our model become more prominent with the increase in the number of users and objects. Copyright © 2015 John Wiley & Sons, Ltd.
References
[1]
Vaidyanathan L. Architectures for massively scalable, distributed rural service enterprises: requirements and models. Technical Report, IITM-Rural Technology and Business Incubator RTBI and Xerox Corporation, Chennai, India, 2009.
[2]
DSCI-KPMG. State of data security and privacy in Indian BPO industry. Technical Report, DSCI and KPMG, New Delhi, India, 2010.
[3]
Singh R, Divakaran DM, Gonsalves TA. Taking rural BPO to new heights: an ACM for distributed and secure document sharing. 5th IEEE Conference on Advanced Networking and Telecommunications System, Bangalore, India, 2011; pp.1-6.
[4]
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access control models. IEEE Computer 1996; Volume 29 Issue 2: pp.38-47.
[5]
Georgiadis CK, Mavridis I, Pangalos G, Thomas RK. Flexible team-based access control using contexts. Proc. 6th ACM Symposium on Access Control Models and Tech., SACMAT '01, ACM, New York, NY, USA, 2001; pp.21-27.
[6]
Joshi JB, Bertino E, Latif U, Ghafoor A. A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering 2005; Volume 17 Issue 1: pp.4-23.
[7]
Kalam AAE, Baida RE, Balbiani R, Benferhat S, Cuppens F, Deswarte Y, Miege A, Saurel C, Trouessin G. Organization based access control, Proc. 4th IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2003, Lake Como, Italy, 2003; pp.120-131.
[8]
Yang N, Barringer H, Zhang N. A purpose-based access control model, 3rd International Symposium on Information Assurance and Security IAS, Manchestor, 2007; pp.143-148.
[9]
Jin X, Krishnan R, Sandhu R. A unified attribute-based access control model covering DAC, MAC and RBAC, DBSec 12, Springer-Verlag, Berlin, Heidelberg, 2012; pp.41-55.
[10]
Sevinç PE, Basin D, Olderog ER. Controlling access to documents: a formal access control model. In Emerging Trends in Information and Communication Security, vol.¿3995, Müller G ed., <bookSeriesTitle>LNCS</bookSeriesTitle>. Springer: Berlin Heidelberg, 2006.
[11]
Ferraiolo D, Kuhn R. Role-based access control, 15th NIST-NCSC National Computer Security Conference, Baltimore, MD, 1992; pp.554-563.
[12]
Damiani E, De¿Capitani¿di Vimercati S, Paraboschi S, Samarati P. A fine-grained access control system for XML documents. ACM Transaction on Information and System Security TISSEC 2002; Volume 5 Issue 2: pp.169-202.
[13]
Lee D, Lee W, Liu P. Supporting XML Security Models Using Relational Databases: A Vision. Springer: Berlin Heidelberg, 2003; pp.267-281.
[14]
Fundulaki I, Marx M. Specifying access control policies for XML documents with XPath, Proc. 9th ACM Symposium on Access Control Models and Technologies, SACMAT '04, ACM: New York, NY, USA, 2004; pp.61-69.
[15]
Bhatti R, Bertino E, Ghafoor A, Joshi JB. XML-based specification for Web services document security. IEEE Computer 2004; Volume 37 Issue 4: pp.41-49.
[16]
Zhu H, L K, Jin R. A practical mandatory access control model for {XML} databases. Information Sciences 2009; Volume 179 Issue 8: pp.1116-1133.
[17]
Park J, Sandhu R. The UCONABC usage control model. ACM Transactions on Information and System Security 2004; Volume 7 Issue 1: pp.128-174.
[18]
Rjaibi W, Bird P. A multi-purpose implementation of mandatory access control in relational database management systems, Proc. 30th International Conference on Very Large Data Bases - volume 30, VLDB '04, VLDB Endowment: Toronto, Canada, 2004; pp.1010-1020.
[19]
Enamul'Kabir M, Wang H, Bertino E. A conditional purpose-based access control model with dynamic roles. Expert System Applications 2011; Volume 38 Issue 3: pp.1482-1489.
[20]
Kabir ME, Wang H, Bertino E. A role-involved purpose-based access control model. Information Systems Frontiers 2012; Volume 14 Issue 3: pp.809-822.
[21]
Smari WW, Clemente P, Lalande JF. An extended attribute based access control model with trust and privacy: application to a collaborative crisis management system. Future Generation Computer Systems 2014; Volume 31 Issue 0: pp.147-168.
[22]
Le XH, Lee S, Lee YK, Lee H, Khalid M, Sankar R. Activity-oriented access control to ubiquitous hospital information and services. Information Sciences 2010 August; Volume 180: pp.2979-2990.
[23]
Kuhn DR, Coyne EJ, Weil TR. Adding attributes to role-based access control. IEEE Computer 2010 June; Volume 43 Issue 6: pp.79-81.
[24]
Lunt TF. Access control policies: some unanswered questions. Computers & Security 1989; Volume 8 Issue 1: pp.43-54.
[25]
Lamport L. The temporal logic of actions. ACM Trans. Program. Lang. Syst. 1994; Volume 16 Issue 3: pp.872-923.
[26]
Lamport L. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley Longman Publishing Co., Inc.: Boston, MA, USA, 2002.
[27]
Zhang X, Park J, Parisi-Presicce F, Sandhu R. A logical specification for usage control, Proc. 9th ACM Symposium on Access Control Models and Tech., New York, NY, USA, 2004; pp.1-10.
[28]
Grompanopoulos C. Specification and verification of an attribute-based usage control approach for open and dynamic computing environments. Ph.D. Thesis, 2014.
[29]
Lampson BW. Dynamic protection structures. International Workshop on Managing Requirements Knowledge 1969: pp.27.
- A pragmatic approach towards secure sharing of digital objects
Recommendations
Revocation Schemes for Delegation Licences
Information and Communications SecurityAbstractThe paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the ...
Taxonomy of Delegation Model
ITNG '15: Proceedings of the 2015 12th International Conference on Information Technology - New GenerationsProtection of shared data from unauthorized users is the most challenging problem of cyber security for which different access control models have been introduced. However, to provide flexibility in access control models, access rights are delegated ...
Towards Effective Verification of Multi-Model Access Control Properties
SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and TechnologiesMany existing software systems like logistics systems or enterprise applications employ data security in a more or less ad hoc fashion. Our approach focuses on access control such as permission-based discretionary access control (DAC), variants of role-...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Publisher
John Wiley & Sons, Inc.
United States
Publication History
Published: 01 December 2015
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 22 Feb 2025