A Model of Workflow-oriented Attributed Based Access Control

Full Text (PDF, 241KB), PP.47-53

Author(s)

Guoping Zhang 1,* Jing Liu 1

1. School of Computer & Communication Engineering, China University of Petroleum, Dong Ying, China

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2011.01.07

Received: 24 Feb. 2010 / Revised: 19 Jun. 2010 / Accepted: 5 Sep. 2010 / Published: 8 Feb. 2011

Index Terms

Internet of Things, Service-Oriented, Access Control, Task, Attribute, SAML, XACML

Abstract

The emergence of the “Internet of Things” (IoT) breaks with traditional thinking by integrating physical infrastructure and network infrastructure into a unified infrastructure. The IoT will contain a large amount of resources and information, so computing and processing that information is its core support. In this paper, we introduce “Service-Oriented Computing” (SOC) to address this, so that each device can offer its functionality as standard services. We mainly discuss the access control issue of service-oriented computing in the Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC) and designs an access control framework based on the WABAC model. The model grants permissions to subjects according to subject attribute, resource attribute, environment attribute and current task, meeting the access control requirements of SOC. The approach presented can effectively enhance access control security for SOC applications and prevent the abuse of subject permissions.

Cite This Paper

Guoping Zhang, Jing Liu, "A Model of Workflow-oriented Attributed Based Access Control", International Journal of Computer Network and Information Security (IJCNIS), vol.3, no.1, pp.47-53, 2011. DOI: 10.5815/ijcnis.2011.01.07
