• PDF / 399,939 Bytes
• 12 Pages / 439.363 x 666.131 pts Page_size
• 58 Downloads / 195 Views

DOWNLOAD

REPORT

Abstract. The federation is a special case of open system where the resources are controlled and accessed by cooperation of one or more roles in the federation. The federation system needs a few special treatments like a subset ownership (i.e. multiple user ownership) of the objects, dynamic access right allocation etc. The treatments can not be handled by any combination of mandatory, discretionary and role-based access control models (i.e. MAC, DAC and RBAC). This paper gives a theoretical study on an access control model in federating systems by analysing the nature of subjects, objects and their relationships; and then proposes a generic access control model for any federation system. The safety proof shows that the federation system always remains in a safe state using the proposed federation access control model. Keywords: Access control models, Distributed security, Federation.

1

Introduction

The monolithic and proprietary technologies always give full-fledged and autonomous services but also return a few disadvantages which lead to customerdissatisfaction e.g. a service-lock-in where the customers can not give up the provider and join another provider until the services agreement is over. The solution would be a federation where one or more entity transparently federates for their customers through brokered architecture. The federation gives a few advantages like a good quality of services, low cost services and all-time service availability etc. through a competitive business-market. There is very little literature related to the administration of federated resources, even though there are such advantages of the federation system. The federation in the context of information technology is a special case of open system and works differently as against the traditional open system. The subjects, objects and the granular operations (i.e. access rights) are treated differently in the federation ecosystem as follows. First, a subject is not a singleton role but a subset of federating roles. Second, the federating entities collaboratively execute each granular operations after a successful federation is established among the federating entities. Third, the subject cannot take away objects in the federation because of a subset ownership in which the objects are owned G. Mart´ınez P´ erez et al. (Eds.): SNDS 2014, CCIS 420, pp. 310–321, 2014. c Springer-Verlag Berlin Heidelberg 2014 

A Theoretical Study on Access Control Model in Federated Systems

311

by a subset of federating roles. Fourth, the federation ecosystem allocates and de-allocates the access rights to the subject over object when the federation is established and torn down respectively. The allocation and de-allocation of access rights are done dynamically and transparently. The aforementioned special treatment of subject, object ownership and dynamic access right allocation in the federation fail the basic access control models (ACMs) as follows. In case of MAC, the designer first decides on the set of security levels and then they are always cons

Recommend Documents

Study on Security Domain-Oriented Military Information Systems Access Control Model

134 19 33MB

Federated Database Systems

208 47 2MB

A Conceptual Model for Dynamic Access Control in Hadoop Ecosystem

173 74 23MB

Federated Recommendation Systems

152 63 27MB

Automated Analysis of Access Control Policies Based on Model Checking

169 16 2MB

Access Control Based on Code Identity for Open Distributed Systems

166 49 7MB

Access Control for Smart Manufacturing Systems

171 28 48MB

Model Poisoning Defense on Federated Learning: A Validation Based Approach

179 3 27MB

A correct-by-construction model for attribute-based access control

190 20 1MB

A Decentralized Access Control Model for IoT with DID

155 17 7MB

The Illusion of Management Control A Systems Theoretical Approach to

258 6 2MB

Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Managem

149 39 3MB