We study attribute-based access control for resource sharing in collaborative work environments. The goal of our work is to encourage sharing within an organization by striking a balance between usability and security. Inspired by the great success of a number of collaboration-based Web 2.0 systems, such as Wikipedia and Delicious, we propose a novel attribute-based access control framework that acquires information on users' attributes from the collaborative efforts of all users in a system, instead of from a small number of trusted agents. Intuitively, if several users say that someone has a certain attribute, our system believes that the latter indeed has the attribute. In order to allow users to specify and maintain the attributes of each other, we employ the mechanism of people-tagging, where users can tag each other with the terms they want, and tags from different users are combined and viewable by all users in the system. In this article, we describe the system framework of our solution, propose a language to specify access control policies, and design an example-based policy specification method that is friendly to ordinary users. We have implemented a prototype of our solution based on a real-world and large-scale people-tagging system in IBM. Experiments have been performed on the data collected by the system.
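The "several users say that someone has a certain attribute" rule can be sketched as a count of distinct taggers per (user, tag) pair. This is an added example, not the paper's policy language or prototype; the policy shape (tag mapped to a minimum number of distinct taggers), the exclusion of self-tags, the case-insensitive tag match and all names and sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample tag events: (tagger, tagged_user, tag).
TAG_EVENTS = [
    ("alice", "dave", "crypto-team"),
    ("bob",   "dave", "crypto-team"),
    ("bob",   "dave", "crypto-team"),   # repeat by the same tagger
    ("dave",  "dave", "manager"),       # self-tag
    ("carol", "dave", "manager"),
    ("alice", "erin", "crypto-team"),
    ("bob",   "erin", "Crypto-Team"),   # same tag, different case
    ("carol", "erin", "crypto-team"),
]


def endorsers(events):
    """Map (user, tag) -> set of distinct taggers.

    Assumptions: self-tags carry no weight, and tags match
    case-insensitively. Using a set means one tagger repeating a tag
    cannot inflate the count.
    """
    support = defaultdict(set)
    for tagger, user, tag in events:
        if tagger == user:
            continue
        support[(user, tag.strip().lower())].add(tagger)
    return support


def has_attribute(support, user, tag, min_taggers):
    """True when at least min_taggers distinct users applied the tag."""
    return len(support.get((user, tag.lower()), ())) >= min_taggers


def is_authorized(support, user, policy):
    """policy (hypothetical shape): {tag: min distinct taggers}.

    Every requirement must hold; an empty policy denies (fail closed).
    """
    if not policy:
        return False
    return all(has_attribute(support, user, tag, n)
               for tag, n in policy.items())


if __name__ == "__main__":
    s = endorsers(TAG_EVENTS)
    for u in ("dave", "erin"):
        print(u, is_authorized(s, u, {"crypto-team": 3}))
```

Counting distinct taggers only bounds what a single account can assert; accounts that collude or are compromised still add to the count, so the threshold should reflect how much each tagger is trusted.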