A combination of semantic and attribute-based access control model for virtual organizations

Document Type: ORIGINAL RESEARCH PAPER

Authors

Abstract

A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex environment with the huge number of users and resources, traditional access control models cannot satisfy VOs security requirements. Most of the current proposals are basically based on the attributes of users and resources. In this paper, we suggest using a combination of the semantic based access control (SBAC) model, and the attribute based access control (ABAC) model with the shared ontology of subjects' attributes in VOs. In this model, each participating organization makes its access control decisions according to an enhanced model of the ABAC model. However, access decision in the VO is made in more abstract level through an enhanced model of the SBAC model. Using the ontology of users and resources in this model facilitates access control in large scale VOs with numerous organizations. By the combination of SBAC and ABAC, we attain their benefits and eliminate their shortcomings. In order to show the applicability of the proposed model, an access control system, based on the proposed model, has been implemented in Java using available APIs, including Sun's XACML API, Jena, Pellet, and Protégé.

Keywords


 [1] K. Jacobsen. A Study of Virtual Organizations, 2004. Project Report, Norwegian University of Science and Technology, Department of Computer and Information Science, NTNU.

[2] M. Arasteh, M. Amini, and R. Jalili. A Trust and Reputation-based Access Control Model for Virtual Organizations. In Proceedings of the 9th International IEEE Conference on Information Security and Privacy (ISCISC'12), pages 121-127, Tabriz, Iran, 2012.

[3] B. Nasser, R. Laborde, A. Benzekri, F. Barrére, and M. Kamel. Dynamic Creation of Inter-Organizational Grid Virtual Organizations. In Proceedings of the First IEEE International Conference on e-Science and Grid Computing, pages 405-412, Melbourne, Australia, 2005.

[4] T. Ryutov, C. Neuman, L. Zhou, and N. Foukia. Establishing Agreements in Dynamic Virtual Organizations. In Proceedings of the First IEEE International Conference on Security and Privacy for Emerging Areas in Communication Networks, pages 90-99, Athens, Greece, 2005.

[5] S. Crompton, M. Wilson, A. Arenas, L. Schubert, D. Cojocarasu, J. Hu, and P. Robinson. The TrustCoM General Virtual Organization Agreement Component. In UK e-Science All Hands Meeting, Nottingham, volume 135, Nottingham, UK, 2007.

[6] L. Huraj and H. H VO. Reiser. Intersection Trust In Ad hoc Grid Environment. In Proceedings of the 5th IEEE International Conference on Networking and Services (ICNS'09), pages 456-461, Valencia, Spain, 2009.

[7] M. Ibrohimovna and S. Groot. A Framework for Access Control and Management in Dynamic Cooperative and Federated Environments. In Proceedings of the Fifth Advanced IEEE International Conference on Telecommunications (AICT'09), pages 459-466, Venice, Italy, 2009.

[8] B. Katzy, C. Zhang, and H. Löh. Reference models for virtual organizations. In Virtual Organizations, pages 45-58. Springer, 2005.

[9] Benzakeri. Virtual Organization Security Policy: Specification & Deployment (V1). Technical report, IRIT, 2006.

[10] T. Berners-Lee. A roadmap to the semantic web. 1998.

[11] MI. Yague, A. Mana, J. López, and JM. Troya. Applying the Semantic Web Layers to Access Control. In Proceedings of 14th IEEE International Workshop on Database and Expert Systems Applications, pages 622-626, 2003.

[12] S. Verma, S. Kumar, and M. Singh. Comparative Analysis of Role Base and Attribute Base Access Control Model in Semantic Web. International Journal of Computer Applications, 46(18):1-6, 2012.

[13] A. Bakar and J. Jais. A Review on Extended Role Based Access Control (E-RBAC) Model in Pervasive Computing Environment. In Proceedings of the First IEEE International Conference on Networked Digital Technologies in Ostrava, pages 533-535, Ostrava, Czech Republic, 2009.

[14] N.Dagdee and R. Vijaywargiya. Credential Based Mediator Architecture for Access Control and Data Integration in Multiple Data Source Environment. International Journal of Network Security & Its Applications (IJNSA), 3(3):42-56, May 2011.

[15] J. Park and R. Sandhu. The UCONABC Usage Control Model. ACM Transactions on Information and System Security, 7(1):128-174, February 2004.

[16] L. Cirio, I. Cruz, and R. Tamassia. A Role and Attribute based Access Control System Using Semantic Web Technologies. In Proceedings of the OTM Confederated International Conference on the Move to Meaningful Internet Systems, pages 1256-1266. Springer, 2007.

[17] VC. Hu, D. Ferraiolo, R. Kuhn, AR. Friedman, AJ. Lang, MM. Cogdell, A. Schnitzer, K. Sandlin, R. Miller, and K. Scarfone. Guide to Attribute Based Access Control (ABAC) Definition and Considerations. Technical report, 2013. NIST Special Publication 800.

[18] D. Xu and Y. Zhang. Specification and Analysis of Attribute-Based Access Control Policies: An Overview. In Proceedings of the 8th IEEE International Conference on Software Security and Reliability-Companion, pages 41-49, San Francisco, USA, 2014.

[19] B. Lang, I. Foster, F. Siebenlist, R. Ananthakrishnan, and T. Freeman. A Flexible Attribute based Access Control Method for Grid Computing. Journal of Grid Computing, 7(2):169-180, 2009.

[20] X. Chen, Y. OUYang, M. Zhu, and Y. He. Semantic-Aware Access Control for Grid Application. In Proceedings of the 9th IEEE International Conference for Young Computer Scientists, pages 971-975, Hunan, China, 2008.

[21] S. Javanmardi, M. Amini, R. Jalili, and Y. GanjiSaffar. A Semantic based Access Control Model. In Proceedings of the 11th Nordic Workshop on Secure IT-Systems (NordSec'06), pages 157-168, Linkping, Sweden, 2006.

[22] A.N. Ravari, M. Amini, R. Jalili, and J.H. Jafarian. History based Semantic Aware Access Control Model Using Logical Time. In Proceedings of the 11th IEEE International Conference on Computer and Information Technology, pages 43-50, Khulna, Bangladesh, 2008.

[23] S. Durbeck, C. Fritsch, G. Pernul, and R. Schillinger. A Semantic Security Architecture for Web Services the Access-eGov Solution. In Proceedings of the 10th IEEE International Conference on Availability, Reliability, and Security, pages 222-227, Krakow, Poland, 2010.

[24] T. Priebe, W. Dobmeier, and N. Kamprath. Supporting Attribute-based Access Control with Ontologies. In Proceedings of the First IEEE International Conference on Availability, Reliability and Security, 2006.

[25] A. Mohammad, G. Kanaan, T. Khdour, and S. Bani-Ahmad. Ontology-Based Access Control Model for Semantic Web Service. Journal of Information and Computing Science, 6(3):177-194, 2006.

[26] H. Shen. A Semantic-Aware Attribute-based Access Control Model for Web Services. Algorithms and Architectures for Parallel Processing, LNCS 5574, pages 693-703, 2009.

[27] S. Hai-Bo. A Semantic-and Attribute-based Framework for Web Services Access Control. In Proceedings of the 2nd IEEE International Workshop on Intelligent Systems and Applications (ISA), pages 1-4, Wuhan, China, 2010.

[28] J. Luo, X. Wang, and A. Song. A Semantic Access Control Model for Grid Services. In Proceedings of the 9th IEEE International Conference on Computer Supported Cooperative Work in Design, pages 350-355, 2005.

[29] J. Luo, X. Ni, and J. Yong. A Trust Degree based Access Control in Grid Environments. Information Sciences, 179(15):2618-2628, 2009.

[30] I. Foster, H. Kishimoto, A. Savva, D. Berry, A. Djaoui, A. Grimshaw, B. Horn, F. Maciel, F. Siebenlist, and R. Subramaniam. The Open Grid Services Architecture. Global Grid Forum, GFD-I, 2006.

[31] AL. Pereira, V. Muppavarapu, and SM. Chung. Managing Role-based Access Control Policies for Grid Databases in OGSA-DAI Using CAS. Journal of Grid Computing, 5(1):65-81, 2007.

[32] L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke. The Community Authorization Service: Status and Future. arXiv preprint cs/0306082, 2003.

[33] W. Meng, H. Xia, and H. Song. A Dynamic Trust Model Based on Recommendation Credibility in Grid Domain. In Proceedings of the IEEE International Conference on Computational Intelligence and Software Engineering, pages 1-4, 2009.

[34] W. Zhou and C. Meinel. Implement Role Based Access Control with Attribute Certificates. In Proceedings of the 6th IEEE International Conference of ICACT on Advanced Communication Technology, pages 536-540, Phoenix Park, Korea, 2004.

[35] M. L. C. Hui NE and C. H. Yong. A Context-Aware based Authorization System for Pervasive Grid Computing. World Academy of Science, Engineering and Technology, 74, 2011.

[36] B. Stepien, S. Matwin, and A. Felty. Advantages of a non-Technical XACML Notation in Role-based Models. In Proceedings of the 9th IEEE International Conference on Privacy, Security and Trust (PST), pages 193-200, Montreal, Canada, 2011.

[37] V. Muppavarapu and SM. Chung. Semantic-based Access Control for Grid Data Resources in Open Grid Services Architecture-Data Access and Integration (OGSA-DAI). In Proceedings of the 20th IEEE International Conference on Tools with Artificial Intelligence, pages 315-322, Dayton, USA, 2008.

[38] A. Anderson. Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML v2.0. Online, May 2015. Available at http://docs.oasisopen.org/xacml/2.0/access-control-xacml-2.0-rbac-profile1-spec-os.pdf.

[39] S. A. Javadi and M. Amini. A Semantic-Aware Role-Based Access Control Model for Pervasive Computing Environments. ISeCure- The ISC International Journal of Information Security, 5(2):119-140, July 2013.