A Flexible Architecture for Privacy-Aware Trust Management

Böhm, Klemens; Etalle, Sandro; Hartog, Jerry den; Hütter, Christian; Trabelsi, Slim; Trivellato, Daniel; Zannone, Nicola

doi:10.4067/s0718-18762010000200006

Cited by 17 publications

(13 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We will draw upon work from trust access control [17], and cost associated trust access control [4], in order to build a formal framework for specifying clear controls that prevent wrongful adaptation. For the implementation of SAAF, the intent is to rely on model driven engineering alongside self-adaptation as a potential means of autonomously managing authorization systems.…”

Section: Discussionmentioning

confidence: 99%

Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

Bailey

Chadwick

Lemos³

2011

2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing

View full text Add to dashboard Cite

Abstract-Authorization systems are an integral part of any network where resources need to be protected. They act as the gateway for providing (or denying) subjects (users) access to resources. As networks expand and organisations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the potential of self-adaptive authorization as a means to automate the management of the access control configuration. We propose a Self-Adaptive Authorization Framework (SAAF) that is capable of managing any policy based distributed RBAC/ABAC authorization infrastructure. SAAF relies on a feedback control loop to monitor decisions (by policy decision points) of a target authorization infrastructure. These decisions are analysed to form a view of the subject's behaviour to decide whether to adapt the target authorization infrastructure. Adaptations are made in order to either endorse or restrict the identified behaviour, e.g. by loosening or tightening the current authorization policy. We demonstrate in terms of representative scenarios SAAF's ability for detecting abnormal behaviour, such as, misuse of access to system resources, proposing solutions that either prevent/endorse such behaviour, applying a cost function to each of these solutions, and executing the adaptive changes against a target authorization infrastructure.

show abstract

Section: Discussionmentioning

confidence: 99%

Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

Bailey

Chadwick

Lemos³

2011

2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing

View full text Add to dashboard Cite

show abstract

“…In addition, some implementations have been used as a backbone for XACML-based frameworks. For instance, Lazouski et al (2014) extend WOS2 Balana for the enforcement of usage control policies in distributed systems, while TAS3 Trust PDP (Böhm et al, 2010) extends SUN-XACML for the evaluation of trust policies. The XACML reference architecture, however, is underspecified, and existing XACML implementations of XACML may have slight variations based on implementation choices.…”

Section: Related Workmentioning

confidence: 99%

SAFAX â€“ An Extensible Authorization Service for Cloud Environments

et al. 2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…The authorization infrastructure service has been tested with three different PDPs: Sun's XACML PDP [19], the PERMIS PDP and a behavioral trust PDP from TU-Eindhoven [20]. Each of these PDPs uses a different policy language.…”

Section: Implementation Detailsmentioning

confidence: 99%

A privacy preserving authorisation system for the cloud

Chadwick

Fatema

2012

Journal of Computer and System Sciences

View full text Add to dashboard Cite

In this paper we describe a policy based authorisation infrastructure that a cloud provider can run as an infrastructure service for its users. It will protect the privacy of users' data by allowing the users to set their own privacy policies, and then enforcing them so that no unauthorised access is allowed to their data. The infrastructure ensures that the users' privacy policies are stuck to their data, so that access will always be controlled by the policies even if the data is transferred between cloud providers or services. This infrastructure also ensures the enforcement of privacy policies which may be written in different policy languages by multiple authorities such as: legal, data subject, data issuer and data controller. A conflict resolution strategy is presented which resolves conflicts among the decisions returned by the different policy decision points (PDPs). The performance figures are presented which show that the system performs well and that each additional PDP only imposes a small overhead.

show abstract

A Flexible Architecture for Privacy-Aware Trust Management

Cited by 17 publications

References 36 publications

Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

SAFAX â€“ An Extensible Authorization Service for Cloud Environments

A privacy preserving authorisation system for the cloud

Contact Info

Product

Resources

About