Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control in Collaborative Systems William Tolone, Gail-Joon Ahn, Tanusree Pai & Seng-Phil Hong.

Published byRudolph Golden Modified over 9 years ago

Similar presentations

Presentation on theme: "Access Control in Collaborative Systems William Tolone, Gail-Joon Ahn, Tanusree Pai & Seng-Phil Hong."— Presentation transcript:

1 Access Control in Collaborative Systems William Tolone, Gail-Joon Ahn, Tanusree Pai & Seng-Phil Hong

2 Outline Collaborative Environments Access Control Requirements Access Control Models Assessment Conclusion

3 Collaborative Environments Facebook Code Repositories Webcourses

4 Access Control Requirements Applied at a distributed level Should be able to adapt Scalability Fine-grained control Exclusion of unauthorized users Easy specification of access rights Ability to dynamically change access policies Reasonable performance and resource cost

5 Outline Collaborative Environments Access Control Requirements Access Control Models Assessment Conclusion

6 Access Matrix Model Based on subjects and objects Reference monitor for checking access rights

7 Access Matrix Model (cont.) Implemented in Access Control Lists

8 Access Matrix Model (cont.) Shortcomings – Not complex enough – No ability to dynamically change policy – Can’t address objects not owned by users

9 Roll-Based Access Control (RBAC) Permissions assigned to roles rather than users Users associated to roles More scalable Shortcomings – Roles are too static

10 Task-Based Access Control (TBAC) Derivative of subject-object model Contains information based on task Access granted in steps related to the task Active model Shortcomings – Context only based on task progression – Management, delegation, revocation are not covered – Not very applicable outside enterprise May use roles as an interface

11 Team-Based Access Control (TMAC) Similar to RBAC Covers case when different roles collaborate together User context describes user’s role in team Shortcomings – Hasn’t fully been developed

12 Team-Based Access Control

13 Spatial Access Control Divides collaboration environment into regions User credentials used to determine access Shortcomings – Only navigational access requirements – Must divide application into regions

14 Context-Aware Access Control Extension of RBAC Environment roles defined at time of activation Shortcomings – Hasn’t been fully developed/tested

15 Outline Collaborative Environments Access Control Requirements Access Control Models Assessment Conclusion

16 Assessment Criteria – Complexity – Transparency – Ease of use – Applicability – Collaboration Support – Policy Specification – Policy Enforcement – Fine Grained Control – Active/Passive – Contextual

17 Assessment

18 Conclusion Roles are well accepted Importance of context Active systems are preferable Scalability required

Download ppt "Access Control in Collaborative Systems William Tolone, Gail-Joon Ahn, Tanusree Pai & Seng-Phil Hong."

Similar presentations

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
EuropeAid PARTICIPATORY SESSION 2: Managing contract/Managing project… Question 1 : What do you think are the expectations and concerns of the EC task.

EuropeAid PARTICIPATORY SESSION 2: Managing contract/Managing project… Question 1 : What do you think are the expectations and concerns of the EC task.
Additionality in the context of PoA –Summary of Task Group Issues identified in the plenary a)Additionality at the PoA level How to construct sufficient.

Additionality in the context of PoA –Summary of Task Group Issues identified in the plenary a)Additionality at the PoA level How to construct sufficient.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
TU e technische universiteit eindhoven / department of mathematics and computer science Specification of Adaptive Behavior Using a General- purpose Design.

TU e technische universiteit eindhoven / department of mathematics and computer science Specification of Adaptive Behavior Using a General- purpose Design.
1 Usability Test Plans CSSE 376 Software Quality Assurance Rose-Hulman Institute of Technology April 20, 2007.

1 Usability Test Plans CSSE 376 Software Quality Assurance Rose-Hulman Institute of Technology April 20, 2007.
Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.

CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.
Semantic Web services selection based on context information Hong Qing Yu Department of Computer Science 22th May 2007.

Semantic Web services selection based on context information Hong Qing Yu Department of Computer Science 22th May 2007.
PPA Advisory Board Meeting, May 12, 2006 Assessment Summary.

PPA Advisory Board Meeting, May 12, 2006 Assessment Summary.
“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.

“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.
Controlling Collaborative Systems -Srinivas Krishnan Dept of Computer Science UNC-Chapel Hill.

Controlling Collaborative Systems -Srinivas Krishnan Dept of Computer Science UNC-Chapel Hill.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Similar presentations

Ads by Google