COLLABORATION SECURITY FOR MODERN INFORMATION SYSTEMS

Richard Whittaker, Gonzalo Argote-Garcia, Peter J. Clarke, Raimund K. Ege

2006

Abstract

One of the main approaches to accessing heterogeneous data is the use of a mediation framework. The current problem with mediation systems is that their clients see them as black boxes: once clients enter their data, they cannot control how entities within the mediation system access it. In this paper we present a solution in the form of a security framework, named the Collaboration Security Framework, that addresses the need of all entities (external clients, mediators or data sources) for autonomy in applying security policies during collaboration. As a result, every entity participating in a collaboration controls access to its own data by applying local, global and collaboration channel security rules, which can be changed at runtime and are independent of the security model.



Paper Citation


in Harvard Style

Whittaker R., Argote-Garcia G., Clarke P. J. and Ege R. K. (2006). COLLABORATION SECURITY FOR MODERN INFORMATION SYSTEMS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006), ISBN 978-972-8865-63-4, pages 363-370. DOI: 10.5220/0002095803630370


in Bibtex Style

@conference{secrypt06,
author={Richard Whittaker and Gonzalo Argote-Garcia and Peter J. Clarke and Raimund K. Ege},
title={COLLABORATION SECURITY FOR MODERN INFORMATION SYSTEMS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={363-370},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002095803630370},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - COLLABORATION SECURITY FOR MODERN INFORMATION SYSTEMS
SN - 978-972-8865-63-4
AU - Whittaker R.
AU - Argote-Garcia G.
AU - Clarke P. J.
AU - Ege R. K.
PY - 2006
SP - 363
EP - 370
DO - 10.5220/0002095803630370