Protecting Information Sharing in Distributed Collaborative Environment

This thesis focuses on three aspects (i.e., role-based access control, role-based delegation and privacy-aware access control) of developing a systematic methodology for information sharing in distributed collaborative environments. We develop techniques for setting up secure group communication and providing accesses to group members for many database systems, which incorporate new security constrains and policies raised by current information technologies. We create new forms of access control models to identify and address issues of sharing information in collaborative environments and to specify and enforce privacy protection rules to support identified issues. In role based access control systems (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. This greatly simplifies management of permissions. Roles are created for various job functions in an organization and users are assigned roles based on their responsibilities and qualifications. Users can be easily reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as needed. The principal motivation of RBAC is to simplify administration. In large organizations the number of roles can be in the hundreds or thousands, and users can be in the tens or hundreds of thousands, maybe even millions. Effective management of permission-role assignment could be very useful in practice to avoid the security breach, especially when conflicting permissions granted to the same role. Constraints are an important aspect of RBAC and are a powerful mechanism for laying out higher level organizational policy. Even for the usage control (UCON) model, constraints are discussed less and no formal language is proposed to describe constraints precisely. An appealing is to study constraints formally in RBAC and UCON models. Our work looks at proposing formal approaches to