Protecting information sharing in distributed collaborative environment

PhD Thesis

Li, Min. 2010. Protecting information sharing in distributed collaborative environment. PhD Thesis Doctor of Philosophy. University of Southern Queensland.
Title

Protecting information sharing in distributed collaborative environment

TypePhD Thesis
Authors
AuthorLi, Min
SupervisorWang, Hua
Plank, Ashley
Institution of OriginUniversity of Southern Queensland
Qualification NameDoctor of Philosophy
Number of Pages168
Year2010
Abstract

This thesis focuses on three aspects (i.e., role-based access control, role-based delegation and privacy-aware access control) of developing a systematic methodology for information sharing in distributed collaborative environments. We develop techniques for setting up secure
group communication and providing accesses to group members for many database systems, which incorporate new security constrains and policies raised by current information technologies. We create new forms of access control models to identify and address issues of sharing information in collaborative environments and to specify and enforce privacy protection rules to support identified issues.

In role based access control systems (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. This greatly simplifies management of permissions. Roles are created for various job functions in an organization and users are assigned roles based on their
responsibilities and qualifications. Users can be easily reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as needed. The principal motivation of RBAC is to simplify administration. In large organizations the number of roles can be in the hundreds or thousands, and users can
be in the tens or hundreds of thousands, maybe even millions. Effective management of permission-role assignment could be very useful in practice to avoid the security breach, especially when conflicting permissions granted to the same role. Constraints are an important
aspect of RBAC and are a powerful mechanism for laying out higher level organizational policy. Even for the usage control (UCON) model, constraints are discussed less and no formal language is proposed to describe constraints precisely. An appealing is to study constraints
formally in RBAC and UCON models. Our work looks at proposing formal approaches to check conflicts and help allocate permissions without compromising security in RBAC and proposing a formal language to specify constraints for system designers and administrators in UCON models.

Delegation requirement arises when a user needs to act on another’s behalf to access resources. Essentially, in a multi-agent system, delegation becomes the primary mechanism
of inter-agent collaboration and cooperation. However, the previous delegation model could not work efficiently in large systems and perform the sensitive delegation task within the broad area of security. In this thesis, we introduce a flexible ability-based delegation model
within RBAC. Moreover, to avoid risk during the delegation process, we propose a secure multi-level delegation model, where a projection between the reliability of delegatees and
the sensitivity of delegated tasks is built. Our multi-level delegation model allows that a delegatee in a higher trust level can be assigned with a higher level task.

With the widespread use of information technology, privacy protection becomes a major concern and it could not be easily achieved by traditional access control models. In this thesis, we propose a privacy-aware access control model with generalization boundaries, which could maximize data usability while, minimizing disclosure of privacy. Moreover, our privacy-aware access control model provides a much finer level of control. Although Hippocratic database enforced the fine-grained disclosure policy through creating a privacy authorization table, but it does not allow to distinguish which particular method is used
for fulfilling a service in a real world case. We use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process, in which one can determine the minimum disclosure of data for fulfilling the root purpose with respect to customer’s maximum trust. We provide efficient algorithms to automatically derive the optimal way of authorizations needed to achieve a service from enterprise privacy policies.

Keywordsinformation sharing; distributed colaboration
ANZSRC Field of Research 2020460908. Information systems organisation and management
469999. Other information and computing sciences not elsewhere classified
Byline AffiliationsDepartment of Mathematics and Computing
Permalink -

https://research.usq.edu.au/item/q0x1z/protecting-information-sharing-in-distributed-collaborative-environment

Log in to edit

Download files

Published Version
Li_2010_whole.pdf
File access level: Anyone

  • 2001
    total views
  • 375
    total downloads
  • 2
    views this month
  • 1
    downloads this month

Export as

Related outputs

Effect of annealing temperature on the corrosion behavior of duplex stainless steel studied by in situ techniques
Guo, L. Q., Li, M., Shi, X. L., Yan, Y., Li, X. Y. and Qiao, L. J.. 2011. "Effect of annealing temperature on the corrosion behavior of duplex stainless steel studied by in situ techniques." Corrosion Science. 53 (11), pp. 3733-3741. https://doi.org/10.1016/j.corsci.2011.07.019
Multi-level delegations with trust management in access control systems
Li, Min, Sun, Xiaoxun, Wang, Hua and Zhang, Yanchun. 2012. "Multi-level delegations with trust management in access control systems." Journal of Intelligent Information Systems. 39 (3), pp. 611-626. https://doi.org/10.1007/s10844-012-0205-8
A family of enhanced (L,alpha) diversity models for privacy preserving data publishing
Sun, Xiaoxun, Li, Min and Wang, Hua. 2011. "A family of enhanced (L,alpha) diversity models for privacy preserving data publishing." Future Generation Computer Systems: the international journal of grid computing: theory, methods and applications. 27 (3), pp. 348-356. https://doi.org/10.1016/j.future.2010.07.007
Privacy aware access control with trust management in web service
Li, Min, Sun, Xiaoxun, Wang, Hua, Zhang, Yanchun and Zhang, Ji. 2011. "Privacy aware access control with trust management in web service." World Wide Web. 14 (4), pp. 407-430. https://doi.org/10.1007/s11280-011-0114-8
Trust-based access control for privacy protection in collaborative environment
Li, Min, Wang, Hua and Ross, David. 2009. "Trust-based access control for privacy protection in collaborative environment." ICEBE 2009: IEEE International Conference on e-Business Engineering . Macau, China 21 - 23 Oct 2009 United States. https://doi.org/10.1109/ICEBE.2009.66
Optimal privacy-aware path in hippocratic databases
Li, Min, Sun, Xiaoxun, Wang, Hua and Zhang, Yanchun. 2009. "Optimal privacy-aware path in hippocratic databases." Zhou, X. (ed.) DASFAA 2009: 14th International Conference on Database Systems for Advanced Applications. Brisbane, Australia 21 - 23 Apr 2009 Germany. Springer. https://doi.org/10.1007/978-3-642-00887-0_39
ABDM: an extended flexible delegation model in RBAC
Li, Min and Wang, Hua. 2008. "ABDM: an extended flexible delegation model in RBAC." Wu, Qiang and He, Xiangjian (ed.) 8th IEEE International Conference on Computer and Information Technology. Sydney, Australia 08 - 11 Jul 2008 United States. https://doi.org/10.1109/CIT.2008.4594707
Advanced permission-role relationship in role-based access control
Li, Min, Wang, Hua, Plank, Ashley and Yong, Jianming. 2008. "Advanced permission-role relationship in role-based access control." Mu, Yi, Susilo, Willy and Seberry, Jennifer (ed.) ACISP 2008: 13th Australasian Conference on Information Security and Privacy . Wollongong, Australia 07 - 09 Jul 2008 Germany. Springer. https://doi.org/10.1007/978-3-540-70500-0-29
Specifying usage control model with object constraint language
Li, Min and Wang, Hua. 2010. "Specifying usage control model with object constraint language." NSS 2010: 4th International Conference on Network and System Security . Melbourne, Australia 01 - 03 Sep 2010 Piscataway, NJ. United States. https://doi.org/10.1109/NSS.2010.10
Privacy-aware access control with generalization boundaries
Li, Min, Wang, Hua and Plank, Ashley. 2009. "Privacy-aware access control with generalization boundaries." Mans, Bernard (ed.) 32nd Australasian Computer Science Conference (ACSC 2009). Wellington, New Zealand 19 - 23 Jan 2009 Sydney, Australia.
Protecting information sharing in distributed collaborative environment
Li, Min and Wang, Hua. 2008. "Protecting information sharing in distributed collaborative environment." 10th Asia-Pacific Web Conference (APWeb 2008). Shenyang, China 26 - 28 Apr 2008 Berlin, Germany. Springer. https://doi.org/10.1007/978-3-540-89376-9-19
An efficient hash-based algorithm for minimal k-anonymity
Sun, Xiaoxun, Li, Min, Wang, Hua and Plank, Ashley. 2008. "An efficient hash-based algorithm for minimal k-anonymity." Dobbie, Gillian and Mans, Bernard (ed.) ACSC 2008: 31st Australasian Computer Science Conference. Wollongong, Australia 22 - 25 Jan 2008 Sydney, Australia.