    Delegating revocations and authorizations in collaborative business environments

    Efficient collaboration allows organizations and individuals to improve the efficiency and quality of their business activities. Delegation, as a significant approach, may occur in workflow collaborations, supply chain collaborations, or collaborative commerce. Role-based delegation models have been used as flexible and efficient access management for collaborative business environments. Delegation revocation provides significant functionality for these models in business environments when delegated roles or permissions need to be taken back. However, problems may arise in the revocation process when one user delegates a role to user U and another user delegates to U a negative authorization of the same role. This paper aims to analyse various role-based delegation revocation features through examples. Revocations are categorized along four dimensions: Dependency, Resilience, Propagation and Dominance. According to these dimensions, sixteen types of revocation exist for specific requests in collaborative business environments: DependentWeakLocalDelete, DependentWeakLocalNegative, DependentWeakGlobalDelete, DependentWeakGlobalNegative, IndependentWeakLocalDelete, IndependentWeakLocalNegative, IndependentWeakGlobalDelete, IndependentWeakGlobalNegative, and so on. We present revocation delegating models, and then discuss user delegation authorization and the impact of revocation operations. Finally, comparisons with other related work are discussed.

    Building access control policy model for Privacy Preserving and Testing Policy Conflicting Problems

    This paper proposes a purpose-based access control model for distributed computing environments, covering privacy-preserving policies and mechanisms, and describes algorithms for policy conflict problems. The mechanism enforces access policy on data containing personally identifiable information. The key component is a purpose-involved access control model for expressing highly complex privacy-related policies with various features. A policy refers to an access right that a subject can have on an object, based on attribute predicates, obligation actions, and system conditions. Policy conflict problems may arise when new access policies are generated that may conflict with existing policies. As a result of such conflicts, private information cannot be well protected. The structure of purpose-involved access control policies is studied, and efficient conflict-checking algorithms are developed and implemented. Finally, a discussion of our work in comparison with other related work such as EPAL is presented.

    Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

    This report contains the Proceedings of the Second Workshop on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far-reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved; in particular, that these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building blocks to solve specific security problems, relatively little work has been done on investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models and authentication procedures, or even reflection by agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly, but at the same time ensure that they will not have deleterious effects on our hosts or on any other agents or processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. For example, in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall, or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill, or from biological immune systems.

    Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

    Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption are still in their infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases its use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed and categorized into families, and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring a connection to a third party). Finally, a supporting architecture for HGABAC is detailed, including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services. Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups.

    Content authentication and access control in pure peer-to-peer networks

    This doctoral thesis falls within the research area of security in fully decentralized (also called pure) Peer-to-Peer (P2P) environments. In particular, the main objective of this doctoral thesis is to define, analyse and implement a scheme for the secure distribution of shared content. This work makes important advances and innovative contributions aimed at guaranteeing that shared content is authentic; that is, that it has not been altered, even when it is a replica of the original. In addition, an access control mechanism is proposed that is oriented toward providing authorization services in an environment that has no hierarchy of certification authorities. Below, the methodology followed and the main contributions of this thesis are summarized and, finally, the most important conclusions are presented.

    The study and analysis of the state of the art on security in Peer-to-Peer (P2P) networks gives us many important insights regarding the lack of practical security mechanisms in such fully decentralized and highly dynamic networks. The major problems range from the absence of content authentication mechanisms, which address and assure the authenticity and integrity of the resources shared by networking nodes, to access control proposals, which provide authorization services. In particular, the combination of both authentication and access control within well-known P2P file sharing systems may bring several advances to the content replication and distribution processes. The aim of this thesis is to define, develop and evaluate a secure P2P content distribution scheme for file sharing scenarios. The proposal is based on the use of digital certificates, similar to those used in the provision of public key authenticity. To carry out this proposal in such an environment, which does not rely on a hierarchy of certification authorities, we explore the application of non-conventional techniques, such as Byzantine agreement protocols and schemes based on proof-of-work. We then propose a content authentication protocol for pure P2P file sharing systems. Under certain restrictions, our scheme guarantees that content is authentic, i.e. it has not been altered, even if it is a replica of the original and the source has lost control over it. Moreover, we extend our initial work by showing how digital certificates can be modified to provide authorization capabilities for self-organizing peers. The entire scheme is first analyzed theoretically, and then implemented in C and Java in order to evaluate its performance. This document is presented as a Ph.D. Thesis within the 2007–08 Ph.D. in Computer Science Program at Carlos III University of Madrid.

    On Usage Control for Data Grids: Models, Architectures, and Specifications

    This thesis reasons about usage control in Data Grids by presenting models, architectures and specifications. This work is a step toward continuous monitoring and control of data access and usage in a Data Grid. First, the thesis presents background on Grids, security, and security for Grids, abstracting from current Grid implementations. We argue that usage control in Data Grids should be considered a process composed of two black boxes. We analyse the requirements for Grid security and propose a distributed usage control model suitable for Grids and distributed systems alike. Then, we apply this model to a Data Grid abstraction and present a usage control architecture for Data Grids that uses the functional components of current Grids. We also present an abstract specification for an enforcement mechanism for usage control policies. To do so, we use a formal requirements engineering methodology with a bottom-up approach, which proves that the specification is sound and complete. With this methodology, we show formally that the abstract specification can enforce all the different types of usage control policies. Finally, we consider how existing prototypes can fit into the proposed architecture, and the advantages of using Semantic Grid technologies for the specification of policy subjects and objects.

    A user-managed access control model and mechanisms for web based social networks: enhancing expressive power, co-ownership management, interoperability and authorized data exposures

    Web Based Social Networks (WBSNs) are well-known applications used by thousands of people worldwide. However, privacy issues, and access control in particular, cannot be disregarded. WBSNs consist of users who upload data to be shared with other users, and the management of who is able to access the uploaded data is a subject worth studying. In this respect, this thesis focuses on four aspects. First, WBSN users have to specify their privacy preferences in a fine-grained way. Second, WBSN data is usually related not to a single user, who uploads it and is considered the owner, but to multiple users, who are referred to as co-owners. Access control then has to be managed while preserving the privacy of both owners and co-owners, such that all their privacy preferences are satisfied without restrictions. Thirdly, the great number of WBSNs forces users to enroll in many of them, which makes access control management a cumbersome task. Lastly, users upload data to WBSNs, and providers store it and may use it for unnoticed or unauthorized purposes. The widespread development of WBSNs has contributed to the enhancement of these applications. The pressing need to provide users with tools to control access to their data has boosted the development of proposals in this regard. Nonetheless, a general lack of fine-grained management is detected. The goal of this thesis is to facilitate fine-grained access control management along the whole usage process, within and among different WBSNs, in a privacy-preserving way. Firstly, an expressive usage control model, together with its administrative model, is proposed to achieve the definition of fine-grained access control preferences. Based on the previous models, a mechanism to manage co-ownership is the second contribution of this thesis. Data is decomposed into parts, and each of them is assigned to the owner or to a co-owner, who establishes access control preferences. These preferences are then jointly evaluated, and the privacy of all users is completely preserved. Having the right tools to manage access control in a fine-grained way, the third and last contribution of this thesis is a pair of protocols, one being an extension of the other, to attain interoperability, reusability and the minimization of unauthorized data exposures among different WBSNs. Also taking the proposed usage control model as the underlying base to manage access control, these protocols reduce the burden of managing access control in different applications and thus help to increase users' control over their data. As a result, this thesis aims to be a challenging step towards the enhancement of access control management procedures in the social networking field.

    Social Networks (SNs) are well-known applications used throughout the world. However, privacy problems, and access control in particular, cannot be underestimated. SNs are based on users who share data with each other, and the management of who may access that data is a matter that deserves special attention. On this basis, this Thesis studies four questions. First, SN users have to specify their preferences at a fine granularity. Second, SN data is not associated with a single user, considered the owner and the one who uploads the data to the SN, but may be associated with multiple users, who are called co-owners. Therefore, access control has to preserve the privacy of all users, both owners and co-owners, satisfying the access control preferences of all of them. Third, the large number of existing SNs forces users to create accounts in each one they wish to participate in, making access control management a tedious task. Lastly, users upload their data to SNs and service providers store it and may use it for their own benefit. The need to provide users with adequate tools to control their data has accelerated the development of proposals for improving SNs. However, a lack of granularity in access control management is detected. The objective of this Thesis is to facilitate fine-grained access control management across different SNs throughout the whole usage process while preserving privacy. First, an expressive usage model is proposed, together with the complementary administrative model, to achieve the definition of fine-grained access control preferences. Based on the previous models, the second contribution corresponds to the development of a mechanism for managing co-ownership. Data is decomposed into parts, and each part is assigned to the owner or to a co-owner so that they can establish the desired privacy preferences. Subsequently, on each access request to a data item, all the preferences are evaluated, thereby preserving the privacy of all users. With the adequate tools to manage access control at a fine granularity, the third and last contribution of this thesis consists of the development of a pair of protocols, one extending the other. These protocols facilitate interoperability, reusability and the minimization of unauthorized data access among different SNs. Likewise, applying the proposed usage model to access control management, these protocols reduce the tasks needed to manage access in different applications and therefore help to increase the control users have over their data. In summary, this thesis aims to take a step forward in improving access control in SNs.

    Program in Computer Science and Technology. Chair: Juan Manuel Estévez Tapiador; Member: Flavio Lombardi; Secretary: María Isabel González Vasc

    Public Key Infrastructure
