Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers

Research Article

A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments

  • @INPROCEEDINGS{10.1007/978-3-642-03354-4_24,
        author={Isabel Cruz and Rigel Gjomemo and Benjamin Lin and Mirko Orsini},
        title={A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments},
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers},
        proceedings_a={COLLABORATECOM},
        year={2012},
        month={5},
        keywords={role-based access control collaborative applications dynamic environments Semantic Web reasoning},
        doi={10.1007/978-3-642-03354-4_24}
    }
    
  • Year: 2012
    COLLABORATECOM
    Springer
    DOI: 10.1007/978-3-642-03354-4_24
Isabel Cruz (1, *), Rigel Gjomemo (1, *), Benjamin Lin (1, *), Mirko Orsini (1, *)
  • 1: University of Illinois at Chicago
  • *: Contact email: ifc@cs.uic.edu, rgjomemo@cs.uic.edu, plin@cs.uic.edu, orsinim@cs.uic.edu

Abstract

We investigate a security framework for collaborative applications that relies on the role-based access control (RBAC) model. In our framework, roles are pre-defined and organized in a hierarchy (partial order). However, we assume that users are not previously identified; therefore, the actions that they can perform are dynamically determined based on their own attribute values and on the attribute values associated with the resources. Those values can vary over time (e.g., the user’s location or whether the resource is open for visiting), thus enabling or disabling a user’s ability to perform an action on a particular resource. In our framework, constraint values form partial orders and determine the association of actions with the resources and of users with roles. We have implemented our framework by exploring the capabilities of semantic web technologies, and in particular of OWL 1.1, to model both our framework and the domain of interest and to perform several types of reasoning. In addition, we have implemented a user interface whose purpose is twofold: (1) to offer a visual explanation of the underlying reasoning by displaying roles and their associations with users (e.g., as the user’s locations vary); and (2) to enable monitoring of users that are involved in a collaborative application. Our interface uses the Google Maps API and is particularly suited to collaborative applications where the users’ geospatial locations are of interest.