3 research outputs found

    Enhancing Privacy and Authorization Control Scalability in the Grid through Ontologies

    © 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    The use of data Grids for sharing relevant data has proven to be successful in many research disciplines. However, the use of these environments when personal data are involved (such as in health) is reduced due to its lack of trust. There are many approaches that provide encrypted storages and key shares to prevent the access from unauthorized users. However, these approaches are additional layers that should be managed along with the authorization policies. We present in this paper a privacy-enhancing technique that uses encryption and relates to the structure of the data and their organizations, providing a natural way to propagate authorization and also a framework that fits with many use cases. The paper describes the architecture and processes, and also shows results obtained in a medical imaging platform.

    Manuscript received November 19, 2007; revised July 27, 2008. First published August 4, 2008; current version published January 4, 2009. This work was supported in part by the Spanish Ministry of Education and Science to develop the project "ngGrid-New Generation Components for the Efficient Exploitation of eScience Infrastructures," under Grant TIN2006-12860 and in part by the Structural Funds of the European Regional Development Fund (ERDF).

    Blanquer Espert, I.; Hernández García, V.; Segrelles Quilis, JD.; Torres Serrano, E. (2009). Enhancing Privacy and Authorization Control Scalability in the Grid through Ontologies. IEEE Transactions on Information Technology in Biomedicine. 13(1):16-24. https://doi.org/10.1109/TITB.2008.2003369

    Control d'accés depenent del context : disseny i implementació dins l'entorn PROSES

    The emergence of new environments in the world of computing causes new requirements. One of these environments is SESAR, which foresees a massive usage of data transmission between aerial systems. The main target of this project is to implement an access control mechanism for an application in this environment. The first step is a comprehensive study of the elements we need to develop the project and an environmental analysis to extract the features that we need for the mechanism. After that we present its design and implementation, which fulfills its original purpose of being able to manage access control for the email application in this environment.

    Enabling Attribute-based Access Control in Authentication and Authorisation Infrastructures

    Attribute-based access control (ABAC) is a very powerful and flexible security technique making it possible to overcome limitations of traditional role-based and discretionary access controls. ABAC enables the dynamic handling of vast numbers of heterogeneous and changing resources and users, a task especially relevant for E-Commerce or distributed computing. With an authentication and authorisation infrastructure (AAI) in place, service providers could benefit from synergies and outsourcing possibilities and, simultaneously, strengthen their security level. In addition, AAIs could arbitrate between users’ privacy issues and vendors’ information demands, using privacy enhancing technologies. However, implementing ABAC is not trivial; nor is the derivation of attributes or metadata. This work proposes a solution to the demands for privacy aware, usable, secure, and outsourceable E-Commerce infrastructures with an AAI / ABAC combination. We introduce relevant technologies and an implementation that is evaluated. The prototype is based on the Liberty Alliance’s ID-FF system, using XACML elements and classification tools.