Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaboration that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this article, we propose a usage control (UCON) based security framework for collaborative applications, following a layered approach with policy, enforcement, and implementation models, called the PEI framework. In the policy model layer, UCON policies are specified with predicates on subject and object attributes, along with system attributes as conditional constraints and user actions as obligations. General attributes include not only persistent attributes such as role and group memberships but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based authorizations in ad hoc collaborations. In the enforcement model layer, our novel framework uses a hybrid approach for subject attribute acquisition with both push and pull modes. By leveraging attribute propagation between a centralized attribute repository and distributed policy decision points, our architecture supports decision continuity and attribute mutability of the UCON policy model, as well as obligation evaluations during policy enforcement. As a proof of concept, we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.