RelBOSS: A Relationship-Aware Access Control Framework for Software Services

View/ Open
File version
Accepted Manuscript (AM)
Author(s)
Kayes, ASM
Han, Jun
Colman, Alan
Islam, Md Saiful
Griffith University Author(s)
Year published
2014
Metadata
Show full item recordAbstract
Context-awareness is an important aspect of the dynamically changing environments and the relationship context information brings new benefits to the access control systems. Existing relationship-aware access control approaches are highly domain-specific and consider the expression of access control policies in terms of the relationship context information. However, these approaches are unable to dynamically capture the granularity levels and strengths of the relevant relationship. To this end, in this paper we present a formal Relationship-Aware Access Control (RAAC) model for specifying the relevant relationship context ...
View more >Context-awareness is an important aspect of the dynamically changing environments and the relationship context information brings new benefits to the access control systems. Existing relationship-aware access control approaches are highly domain-specific and consider the expression of access control policies in terms of the relationship context information. However, these approaches are unable to dynamically capture the granularity levels and strengths of the relevant relationship. To this end, in this paper we present a formal Relationship-Aware Access Control (RAAC) model for specifying the relevant relationship context information and the corresponding access control policies. Using the RAAC model, we introduce an ontology-based framework, Rel ationship- B ased access control O ntology for S oftware S ervices (RelBOSS). One of the main novelties of the framework is that it dynamically captures the relationship context information (the type/name, granularity levels and strengths of the relevant relationship). Experiments with a software prototype confirm the feasibility of our framework.
View less >
View more >Context-awareness is an important aspect of the dynamically changing environments and the relationship context information brings new benefits to the access control systems. Existing relationship-aware access control approaches are highly domain-specific and consider the expression of access control policies in terms of the relationship context information. However, these approaches are unable to dynamically capture the granularity levels and strengths of the relevant relationship. To this end, in this paper we present a formal Relationship-Aware Access Control (RAAC) model for specifying the relevant relationship context information and the corresponding access control policies. Using the RAAC model, we introduce an ontology-based framework, Rel ationship- B ased access control O ntology for S oftware S ervices (RelBOSS). One of the main novelties of the framework is that it dynamically captures the relationship context information (the type/name, granularity levels and strengths of the relevant relationship). Experiments with a software prototype confirm the feasibility of our framework.
View less >
Journal Title
Lecture Notes in Computer Science
Volume
8841
Copyright Statement
© 2014 Springer International Publishing AG. This is an electronic version of an article published in Lecture Notes In Computer Science (LNCS), volume 8841, pp 258-276, 2014. Lecture Notes In Computer Science (LNCS) is available online at: http://link.springer.com// with the open URL of your article.
Subject
Cybersecurity and privacy not elsewhere classified
Information systems development methodologies and practice