PREVENTING MALICIOUS PORTLETS FROM COMMUNICATING AND INTERCEPTING IN COLLABORATION PORTALS

Oliver Gmelch, Günther Pernul

2010

Abstract

In a “networked enterprise”, distributed teams of partner organizations, humans, computer applications, autonomous robots, and devices are interlinked to collaborate with each other in order to achieve higher productivity and to perform joint projects or produce joint products that would have been impossible to develop without the contributions of multiple collaborators. Within a collaboration, security aspects are of critical importance. This is particularly true for loosely coupled collaborations in which the members of an alliance work with each other only within a given project, but may be competitors in other market fields at the same time. Going beyond the current state of the art in portal-based collaboration platforms, this paper presents an approach to prevent unintended information disclosure by malicious portlet instances. The solution is built on open standards (JSR 286 and XACML) and may be incorporated in collaboration-wide enterprise portals in order to regulate information flow during inter-portlet communication.
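As an added illustration (not code from the paper or from any portal product), one shape such regulation of inter-portlet communication can take: a deny-by-default decision over which portlet instance may send which JSR 286 event to which receiver, combined deny-overrides as in XACML and applied to the container's event fan-out so that a portlet cannot intercept an event just by declaring itself a receiver of its QName. All portlet instance names, the event QName and the policy are constructed.

```python
# Added illustration, not the paper's own code: deny-by-default policy decisions
# for JSR 286 event delivery between portlet instances, using XACML-style
# deny-overrides rule combining. All portlet names and QNames are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class EventRequest:
    source: str   # sending portlet instance, e.g. "org-a:orders"
    target: str   # receiving portlet instance
    event: str    # JSR 286 event QName, e.g. "{urn:demo}OrderSelected"

@dataclass(frozen=True)
class Rule:
    effect: str          # "Permit" or "Deny"
    source: str = "*"    # "*" matches any value
    target: str = "*"
    event: str = "*"

    def matches(self, req):
        return all(pat in ("*", val) for pat, val in (
            (self.source, req.source), (self.target, req.target),
            (self.event, req.event)))

def decide(rules, req):
    """Deny-overrides: a matching Deny wins, otherwise a matching Permit permits.
    No matching rule is NotApplicable; the enforcement point treats that as Deny."""
    effects = {r.effect for r in rules if r.matches(req)}
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"

def filter_recipients(rules, source, event, subscribers):
    """Policy-filtered fan-out: only permitted subscribers receive the event, so a
    portlet that merely declares itself a receiver of the QName cannot intercept it."""
    return [t for t in subscribers
            if decide(rules, EventRequest(source, t, event)) == "Permit"]

# Constructed project policy: partner A's order portlet may notify partner B's
# logistics portlet; partner C's portlet instance (a competitor elsewhere)
# must never receive anything, whatever it subscribes to.
POLICY = [
    Rule("Permit", source="org-a:orders", target="org-b:logistics",
         event="{urn:demo}OrderSelected"),
    Rule("Deny", target="org-c:analytics"),
]
```

Because unmatched requests fall through to NotApplicable rather than Permit, any portlet or event that the project policy does not explicitly name is cut off from the flow.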


Paper Citation

in Harvard Style

Gmelch O. and Pernul G. (2010). PREVENTING MALICIOUS PORTLETS FROM COMMUNICATING AND INTERCEPTING IN COLLABORATION PORTALS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 177-182. DOI: 10.5220/0002990301770182


in Bibtex Style

@conference{secrypt10,
author={Oliver Gmelch and Günther Pernul},
title={PREVENTING MALICIOUS PORTLETS FROM COMMUNICATING AND INTERCEPTING IN COLLABORATION PORTALS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={177-182},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002990301770182},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - PREVENTING MALICIOUS PORTLETS FROM COMMUNICATING AND INTERCEPTING IN COLLABORATION PORTALS
SN - 978-989-8425-18-8
AU - Gmelch O.
AU - Pernul G.
PY - 2010
SP - 177
EP - 182
DO - 10.5220/0002990301770182