TOWARDS A SCALABLE AND DYNAMIC ACCESS CONTROL SYSTEM FOR WEB SERVICES

Meriam Jemel, Nadia Ben Azzouna, Khaled Ghedira

Abstract

Web services are vulnerable to different types of security attacks. The problem of secure access to web-based applications is becoming increasingly complex. Management complexity arises from scalability considerations, such as the large number of web service users and their invocations, and from the fact that the access control system should take context into account. In this paper we describe the architecture of our TDRBAC (Trust and Dynamic Role Based Access Control) model, which is implemented using agent technology. This technology fulfills several requirements of web service access control by providing both context awareness and scalability. To verify the scalability of the proposed solution, we present some experimental results from a prototype implemented using the JADE (Java Agent DEvelopment) platform. The performance tests show that our TDRBAC multi-agent based system meets the scaling requirements of large distributed services.



Paper Citation


in Harvard Style

Jemel M., Ben Azzouna N. and Ghedira K. (2012). TOWARDS A SCALABLE AND DYNAMIC ACCESS CONTROL SYSTEM FOR WEB SERVICES. In Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8565-08-2, pages 161-166. DOI: 10.5220/0003938701610166


in Bibtex Style

@conference{webist12,
author={Meriam Jemel and Nadia Ben Azzouna and Khaled Ghedira},
title={TOWARDS A SCALABLE AND DYNAMIC ACCESS CONTROL SYSTEM FOR WEB SERVICES},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2012},
pages={161-166},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003938701610166},
isbn={978-989-8565-08-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - TOWARDS A SCALABLE AND DYNAMIC ACCESS CONTROL SYSTEM FOR WEB SERVICES
SN - 978-989-8565-08-2
AU - Jemel M.
AU - Ben Azzouna N.
AU - Ghedira K.
PY - 2012
SP - 161
EP - 166
DO - 10.5220/0003938701610166