Authorization models for secure information sharing: a survey and research agenda

Document Type: REVIEW PAPER

Abstract

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a 'virtual organization'. The article argues that present authorization models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorization policies. The article outlines the motivation and requirement for a new flexible authorization model that addresses the needs of information sharing. It proposes that a flexible and scalable authorization model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-Based Access Control concept is presented.
