Enhancing access-control with risk-metrics for collaboration on social cloud-platforms

Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015

Volumn 1, Issue , 2015, Pages 864-871

  Bouchami, Ahmed ^a   Goettelmann, Elio ^a,b   Perrin, Olivier ^a   Godart, Claude ^a  

^a UNIVERSITÉ DE LORRAINE   (France)

^b LUXEMBOURG INSTITUTE OF SCIENCE AND TECHNOLOGY   (Luxembourg)

Author keywords

Access Control; Collaboration; Context; Professional Social Networking; PSN; Risk; Security

Indexed keywords

DISTRIBUTED COMPUTER SYSTEMS; RISKS; SOCIAL NETWORKING (ONLINE); SOCIAL SCIENCES COMPUTING;

ACCESS CONTROL POLICIES; COLLABORATION; COLLABORATION PLATFORMS; CONTEXT; DYNAMIC ENVIRONMENTS; EXCHANGE OF INFORMATION; FINE GRAINED POLICIES; SECURITY;

ACCESS CONTROL;

EID: 84966930566     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/Trustcom.2015.458     Document Type: Conference Paper

References (33)

1. J. Rifkin, "Lage de lacces," La révolution de la nouvelle économie, p. 177, 2000.
2. R. D. Rowley, "Professional social networking," Current psychiatry reports, vol. 16, no. 12, pp. 1-6, 2014.
3. C. M. Hoadley and P. G. Kilner, "Using technology to transform communities of practice into knowledge-building communities," ACM SIGGROUP Bulletin, vol. 25, no. 1, pp. 31-40, 2005.
4. E. Zahoor, O. Perrin, and A. Bouchami, "Catt: A cloud based authorization framework with trust and temporal aspects," in Collaborative Computing: Networking, Applications and Worksharing (Collaborate-Com), 2014 International Conference on. IEEE, 2014, pp. 285-294.
5. D. Hardt, "The oauth 2.0 authorization framework," 2012.
6. D. F. Ferraiolo and D. R. Kuhn, "Role-based access controls," arXiv preprint arXiv:0903.2171, 2009.
7. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed nist standard for role-based access control," ACM Transactions on Information and System Security (TISSEC), vol. 4, no. 3, pp. 224-274, 2001.
8. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Rolebased access control models," Computer, vol. 29, no. 2, pp. 38-47, 1996.
9. R. S. Sandhu, "Role-based access control," Advances in computers, vol. 46, pp. 237-286, 1998.
10. S. S. Shim, G. Bhalla, and V. Pendyala, "Federated identity management," Computer, vol. 38, no. 12, pp. 120-122, 2005.
11. G. Zhang and M. Parashar, "Context-aware dynamic access control for pervasive applications," in Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference, 2004, pp. 21-30.
12. D. Kulkarni and A. Tripathi, "Context-aware role-based access control in pervasive computing systems," in Proceedings of the 13th ACM symposium on Access control models and technologies. ACM, 2008, pp. 113-122.
13. Y.-G. Kim, C.-J. Mon, D. Jeong, J.-O. Lee, C.-Y. Song, and D.-K. Baik, "Context-aware access control mechanism for ubiquitous applications," in Advances in Web Intelligence. Springer, 2005, pp. 236-242.
14. M. J. Covington, W. Long, S. Srinivasan, A. K. Dev, M. Ahamad, and G. D. Abowd, "Securing context-aware applications using environment roles," in Proceedings of the sixth ACM symposium on Access control models and technologies. ACM, 2001, pp. 10-20.
15. National Institute of Standards and Technology, "Information Security-Guide for Conducting Risk Assessments," 2002.
16. N. Mayer, "Model-based Management of Information System Security Risk," Ph.D. dissertation, University of Namur, Apr. 2009. [Online]. Available: http://tel.archives-ouvertes.fr/tel-00402996
17. "AS/NZS 4360 SET Risk Management, Australian/New Zealand Standards," 2004.
18. C. M. Johnson, "A survey of current research on online communities of practice," The internet and higher education, vol. 4, no. 1, pp. 45-60, 2001.
19. G. Zacharia, "Collaborative reputation mechanisms for online communities," Ph.D. dissertation, Massachusetts Institute of Technology, 1999.
20. V. Cahill, "Using trust for secure collaboration in uncertain environments," 2003.
21. Q. Ni, E. Bertino, and J. Lobo, "Risk-based access control systems built on fuzzy inferences," in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM, 2010, pp. 250-260.
22. I. Molloy, L. Dickens, C. Morisset, P.-C. Cheng, J. Lobo, and A. Russo, "Risk-based security decisions under uncertainty," in Proceedings of the second ACM conference on Data and Application Security and Privacy. ACM, 2012, pp. 157-168.
23. S. Damen, J. den Hartog, and N. Zannone, "Collac: Collaborative access control," in Collaboration Technologies and Systems (CTS), 2014 International Conference on. IEEE, 2014, pp. 142-149.
24. E. Rissanen, "extensible access control markup language (xacml) version 3.0," 2013.
25. G. Bruns, P. W. Fong, I. Siahaan, and M. Huth, "Relationship-based access control: its expression and enforcement through hybrid logic," in Proceedings of the second ACM conference on Data and Application Security and Privacy. ACM, 2012, pp. 117-124.
26. Y. Chen and B. Malin, "Detection of anomalous insiders in collaborative environments via relational analysis of access logs," in Proceedings of the first ACM conference on Data and application security and privacy. ACM, 2011, pp. 63-74.
27. B. Carminati and E. Ferrari, "Collaborative access control in on-line social networks," in Collaborative computing: networking, applications and worksharing (CollaborateCom), 2011 7th international conference on. IEEE, 2011, pp. 231-240.
28. B. Carminati, E. Ferrari, and A. Perego, "Enforcing access control in web-based social networks," ACM Trans. Inf. Syst. Secur., vol. 13, no. 1, 2009. [Online]. Available: http://doi.acm.org/10.1145/1609956.1609962
29. A. A. E. Kalam, R. Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miege, C. Saurel, and G. Trouessin, "Organization based access control," in Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on. IEEE, 2003, pp. 120-131.
30. F. Cuppens and A. Miege, "Administration model for or-bac," in On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops. Springer, 2003, pp. 754-768.
31. A. A. El Kalam and Y. Deswarte, "Multi-orbac: A new access control model for distributed, heterogeneous and collaborative systems," in 8th IEEE International Symposium on Systems and Information Security, 2006.
32. S. Kandala, R. Sandhu, and V. Bhamidipati, "An attribute based framework for risk-adaptive access control models," in Availability, Reliability and Security (ARES), 2011 Sixth International Conference on. IEEE, 2011, pp. 236-241.
33. N. Dimmock, J. Bacon, D. Ingram, and K. Moody, "Risk models for trust-based access control (tbac)," in Trust Management. Springer, 2005, pp. 364-371.