Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - DomRBAC
T2 - an access control model for modern collaborative systems
AU - Gouglidis, Antonios
AU - Mavridis, Ioannis
PY - 2012/6
Y1 - 2012/6
N2 - Modern collaborative systems such as the Grid computing paradigm are capable of providing resource sharing between users and platforms. These collaborations need to be done in a transparent way among the participants of a virtual organization (VO). A VO may consist of hundreds of users and heterogeneous resources. In order to have a successful collaboration, a list of vital importance requirements should be fulfilled, viz. collaboration among domains, to ensure a secure environment during a collaboration, the ability to enforce usage constraints upon resources, and to manage the security policies in an easy and efficient way. In this article, we propose an enhanced role-based access control model entitled domRBAC for collaborative applications, which is based on the ANSI INCITS 359-2004 access control model. The domRBAC is capable of differentiating the security policies that need to be enforced in each domain and to support collaboration under secure inter-operation. Cardinality constraints along with context information are incorporated to provide the ability of applying simple usage management of resources for the first time in a role-based access control model. Furthermore, secure inter-operation is assured among collaborating domains during role assignment automatically and in real-time. Yet, domRBAC, as an RBAC approach, intrinsically inherits all of its virtues such as ease of management, and separation of duty relationships with the latter also being supported in multiple domains. As a proof of concept, we implement a simulator based on the definitions of our proposed access control model and conduct experimental studies to demonstrate the feasibility and performance of our approach.
AB - Modern collaborative systems such as the Grid computing paradigm are capable of providing resource sharing between users and platforms. These collaborations need to be done in a transparent way among the participants of a virtual organization (VO). A VO may consist of hundreds of users and heterogeneous resources. In order to have a successful collaboration, a list of vital importance requirements should be fulfilled, viz. collaboration among domains, to ensure a secure environment during a collaboration, the ability to enforce usage constraints upon resources, and to manage the security policies in an easy and efficient way. In this article, we propose an enhanced role-based access control model entitled domRBAC for collaborative applications, which is based on the ANSI INCITS 359-2004 access control model. The domRBAC is capable of differentiating the security policies that need to be enforced in each domain and to support collaboration under secure inter-operation. Cardinality constraints along with context information are incorporated to provide the ability of applying simple usage management of resources for the first time in a role-based access control model. Furthermore, secure inter-operation is assured among collaborating domains during role assignment automatically and in real-time. Yet, domRBAC, as an RBAC approach, intrinsically inherits all of its virtues such as ease of management, and separation of duty relationships with the latter also being supported in multiple domains. As a proof of concept, we implement a simulator based on the definitions of our proposed access control model and conduct experimental studies to demonstrate the feasibility and performance of our approach.
KW - Access control
KW - Cross-domain authorization
KW - Grid computing
KW - RBAC
KW - Resource usage management
KW - Secure inter-operation
U2 - 10.1016/j.cose.2012.01.010
DO - 10.1016/j.cose.2012.01.010
M3 - Journal article
AN - SCOPUS:84861095268
VL - 31
SP - 540
EP - 556
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
IS - 4
ER -