A combination of semantic and attribute-based access control model for virtual organizations

Authors

Abstract:

A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex environment with the huge number of users and resources, traditional access control models cannot satisfy VOs security requirements. Most of the current proposals are basically based on the attributes of users and resources. In this paper, we suggest using a combination of the semantic based access control (SBAC) model, and the attribute based access control (ABAC) model with the shared ontology of subjects' attributes in VOs. In this model, each participating organization makes its access control decisions according to an enhanced model of the ABAC model. However, access decision in the VO is made in more abstract level through an enhanced model of the SBAC model. Using the ontology of users and resources in this model facilitates access control in large scale VOs with numerous organizations. By the combination of SBAC and ABAC, we attain their benefits and eliminate their shortcomings. In order to show the applicability of the proposed model, an access control system, based on the proposed model, has been implemented in Java using available APIs, including Sun's XACML API, Jena, Pellet, and Protégé.

Upgrade to premium to download articles

Sign up to access the full text

Already have an account?login

similar resources

A semantic-aware role-based access control model for pervasive computing environments

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...

full text

Access Control Model for Grid Virtual Organizations

The problems encountered in the scientific, industrial and engineering fields entail sophisticated processes across widely distributed communities. The Grid emerged as a platform that has a goal enabling coordinated resources sharing and problem resolving in dynamic multi-institutional Virtual Organizations (VO). Though the multi-institutional aspect is considered in the grid definition, there ...

full text

Task-Based Access Control for Virtual Organizations

GOLD (Grid-based Information Models to Support the Rapid Innovation of New High Value-Added Chemicals) is concerned with the dynamic formation and management of virtual organisations in order to exploit market opportunities. The project aims to deliver the enabling technology to support the creation, operation and successful dissolution of such virtual organisations. A set of middleware technol...

full text

Access Control Model for Inter-organizational Grid Virtual Organizations

The grid has emerged as a platform that enables to put in place an inter-organizational shared space known as Virtual Organization. The Virtual Organization (VO) encompasses users and resources supplied by the different partners for achieving the VO’s creation goal. Though many works offer solutions to manage a VO, the dynamic, on the fly creation of virtual organizations is still a challenge. ...

full text

Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...

full text

A Semantic-Aware Attribute-Based Access Control Model for Web Services

Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. Attribute-based access control (ABAC) is more appropriate than some other access control mechanisms, but it do not f...

full text

My Resources

Save resource for easier access later

Save to my library Already added to my library

{@ msg_add @}


Journal title

volume 7  issue 1

pages  27- 45

publication date 2015-01-01

By following a journal you will be notified via email when a new issue of this journal is published.

Hosted on Doprax cloud platform doprax.com

copyright © 2015-2023