Access Control Management & Security In a Multidomain Environment
Funded By
National Science Foundation
(Information & Data Management)
People involved
Professors / Research Staff
- Arif Ghafoor (PI), Electrical and Computer Engineering, Purdue University
- Eugene H. Spafford (Co-PI), Professor of Computer Sciences and Director of Center for Education and Research in Information Assurance and Security, Purdue University
Students
- Elisa Bertino, Dipartimento di Scienze dell'Informazione, Universita di Milano, Milano, Italy
- Basit Shafiq
- James B. D. Joshi
- Rafae Bhatti
Abstract
This project will develop a comprehensive framework for security management using access control models for distributed applications in a heterogeneous multidomain environment. Such systems are expected to play a critical role in a broad range of Web-based applications. The proposed framework will be built upon role-based access control (RBAC) models. The use of roles for security management has several well-recognized advantages. Noted among them is their flexibility in representing key organizational functions while directly supporting the security policies of an organization. Due to the dynamic nature of distributed applications and the heterogeneity aspects of the underlying multidomain environment, development of the proposed framework poses several daunting challenges. The main challenges addressed in this proposal include:
- the development of a Petri-net based dynamic RBAC model that incorporates time constraints. This task also includes modeling a variety of security policies and developing efficient analytical techniques for evaluating the correctness criteria for this model.
- the development of an RBAC formalism that ensures secure interoperability in a heterogeneous multidomain environment for supporting distributed applications. This task also includes designing optimal mediation policies to manage conflicts among domain roles and tasks belonging to applications.
Publications
Book
- James B. D. Joshi, Arif Ghafoor, “Designing Secure Systems: A Pragmatic Approach”, in preparation.
Accepted Papers
- Basit Shafiq, James B. D. Joshi, Elisa Bertino, and Arif Ghafoor, “Secure Interoperation in a Multidomain Environment Employing RBAC Policies,” IEEE Transactions on Knowledge and Data Engineering, Vol. 17, No. 11, November 2005, pp. 1557-1577. (PDF) (appendix)
- Mohamed Shehab, Elisa Bertino, and Arif Ghafoor, "Secure Collaboration in Mediator-Free Environments," 12th ACM Conference on Computer and Communication Security (CCS), Alexandria, Virginia, November 2005 (PDF)
- Rafae Bhatti, Basit Shafiq, Mohammed Shehab, and Arif Ghafoor, "Distributed Access Management in Multimedia IDCs," IEEE Computer, September 2005 (PDF)
- James B. D. Joshi, Elisa Bertino, Arif Ghafoor, Usman Latif, “Analysis of Expressiveness and Design Issues for a Temporal Role Based Access Control Model,” IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 2, April-June 2005, pp. 157-175 (PDF).
- James B. D. Joshi, Elisa Bertino, Usman Latif, Arif Ghafoor, “Generalized Temporal Role Based Access Control Model,” IEEE Transactions on Knowledge and Data Engineering, Vol. 17, No. 1, January 2005, pp. 4-23 (PDF).
- Mohammed Shehab, Elisa Bertino, and Arif Ghafoor, "SERAT: Secure Role Mapping Technique for Decentralized Secure Interoperability," 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005, pp. 159-167 (PDF)
- Basit Shafiq, James B. D. Joshi, Ammar Masood, and Arif Ghafoor, “A Role-Based Access Control Policy Verification Framework for Real-Time Systems,” 10th IEEE Workshop on Object-Oriented Real-Time Dependable Systems, Sedona, Arizona, February 2005, pp. 13-20 (PDF).
- James B. D. Joshi, Elisa Bertino, Basit Shafiq, Arif Ghafoor, “Dependencies and Separation of Duty Constraints in GTRBAC”, 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003. (PDF)
- James B. D. Joshi, Elisa Bertino, Arif Ghafoor, “Hybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model,” 26th Annual International Computer Software and Applications Conference Workshop (COMPSAC 2002 Workshop), Oxford, England, 26-29th August, 2002, pp. 951-956. (PDF)
- James B. D. Joshi, Elisa Bertino, Arif Ghafoor, “Temporal Hierarchy and Inheritance Semantics for GTRBAC,” 7th ACM Symposium on Access Control Models and Technologies, June 3-4, 2002, Monterey, CA, pp. 74-83. (PDF)
Submitted Papers
- James B. D. Joshi, Elisa Bertino, Arif Ghafoor, “Hybrid Temporal Role Hierarchies in GTRBAC,” Submitted to ACM Transactions on Information and System Security.