Description
Access control has been historically recognized as an effective technique for ensuring that computer systems preserve important security properties. Recently, attribute-based

access control (ABAC) has emerged as a new paradigm to provide access mediation

by leveraging the concept of attributes: observable properties

Access control has been historically recognized as an effective technique for ensuring that computer systems preserve important security properties. Recently, attribute-based

access control (ABAC) has emerged as a new paradigm to provide access mediation

by leveraging the concept of attributes: observable properties that become relevant under a certain security context and are exhibited by the entities normally involved in the mediation process, namely, end-users and protected resources. Also recently, independently-run organizations from the private and public sectors have recognized the benefits of engaging in multi-disciplinary research collaborations that involve sharing sensitive proprietary resources such as scientific data, networking capabilities and computation time and have recognized ABAC as the paradigm that suits their needs for restricting the way such resources are to be shared with each other. In such a setting, a robust yet flexible access mediation scheme is crucial to guarantee participants are granted access to such resources in a safe and secure manner.

However, no consensus exists either in the literature with respect to a formal model that clearly defines the way the components depicted in ABAC should interact with each other, so that the rigorous study of security properties to be effectively pursued. This dissertation proposes an approach tailored to provide a well-defined and formal definition of ABAC, including a description on how attributes exhibited by different independent organizations are to be leveraged for mediating access to shared resources, by allowing for collaborating parties to engage in federations for the specification, discovery, evaluation and communication of attributes, policies, and access mediation decisions. In addition, a software assurance framework is introduced to support the correct construction of enforcement mechanisms implementing our approach by leveraging validation and verification techniques based on software assertions, namely, design by contract (DBC) and behavioral interface specification languages (BISL). Finally, this dissertation also proposes a distributed trust framework that allows for exchanging recommendations on the perceived reputations of members of our proposed federations, in such a way that the level of trust of previously-unknown participants can be properly assessed for the purposes of access mediation.
Reuse Permissions
  • Downloads
    PDF (7.4 MB)
    Download count: 1

    Details

    Title
    • Federated access management for collaborative environments
    Contributors
    Date Created
    2016
    Resource Type
  • Text
  • Collections this item is in
    Note
    • thesis
      Partial requirement for: Ph.D., Arizona State University, 2016
    • bibliography
      Includes bibliographical references (pages 165-173)
    • Field of study: Computer science

    Citation and reuse

    Statement of Responsibility

    by Carlos Ernesto Rubio Medrano

    Machine-readable links