
Research On Access Control Based On Usage Control In Collaborative Computing Environments

Posted on: 2008-09-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Q Cui
GTID: 1118360272466633
Subject: Computer software and theory
Abstract/Summary:
To enable resource sharing and cooperative work, collaborative computing gathers all kinds of computing, data, and software resources and systems and provides integrated services to users across the network. System security faces severe challenges in open, collaborative environments, and access control is a key factor. Traditional access control models were developed for centralized environments and are difficult to apply to open, collaborative environments. Some research has been done based on trust management (TM), extensions of role-based access control, and context-aware technologies. Unfortunately, many challenging problems remain. This thesis therefore investigates several key access control technologies for open, collaborative environments.

In today's dynamic distributed digital environment, traditional one-way control no longer provides adequate trustworthiness. Based on the usage control model, a comprehensive access control model called the Administrative Usage Control (AUCON) model is proposed, which resolves the access control problem for Parallel Control, Series Control and Usage Control. It is a formal model that can control how the provider subject issues tickets to the consumer subject and monitor the consumer's access to privacy-sensitive objects. The architecture section presents formal structural ways in which appropriate mechanisms can be implemented to achieve predefined security objectives. The problem is described in detail from security objective and security model to architecture and mechanisms, and this layered approach provides a complete, effective security solution to the privacy protection problem.

The heterogeneous, dynamic nature of multi-domain environments, in which each local domain is self-governing, introduces challenging security issues. Despite recent advances in access control approaches for secure interoperability between multiple domains, issues remain with approaches that enforce a role-based access control model within one domain and implement secure interoperability by translating roles of a foreign domain into local roles. Among them is the lack of uniform administration for roles of the foreign and local domains. An access control scheme named Administrative Usage Control (AUCON) is proposed, which corrects the security shortcomings of the previous model and administers user-role assignment for local and foreign domains with a unified method. The model provides a mechanism flexible enough to distinguish users of foreign and local domains and enforces stricter control over foreign users, while retaining the advantages of the traditional RBAC model.

Owing to its inherent heterogeneity, complicated interoperability mechanisms and highly dynamic nature, the grid environment requires a scalable, flexible, and fine-grained access control mechanism. Although recent advances in access control for grid applications address important aspects of overall authorization, these efforts focus on pre-defined access control policies in which authorization depends on the identity or role of the subject. They lack flexible approaches for adapting to dynamic security requests. Based on the usage control model, a dynamic access control model named the Dynamic Context_aware Grid Usage Control model (DC_GUCON) is proposed. In this model, the authorization component evaluates access requests based on subject attributes, object attributes and requests, while the conditions component dynamically grants and adapts permissions to the subject based on a set of contextual information collected from the user and system environments. As a proof of concept, a prototype system based on this architecture was developed and implemented to demonstrate the feasibility and performance of the model.

Pervasive computing is the integration of cyberspace and physical space. In this combined space, users can obtain digital services non-intrusively, anytime and anywhere. However, the ubiquitous and mobile environment introduces new security challenges, and traditional security mechanisms are not suited to the problems that occur in pervasive computing environments. An access control model named the Pervasive computing Context_aware Usage Control model (PC_UCON) is proposed, which extends the usage control model and resolves authentication with automated trust negotiation technologies. In this model, the authorization component realizes the authorization manager based on static security attributes and requests, while the conditions component dynamically grants and adapts permissions to the subject based on a set of contextual information.
Keywords/Search Tags: Collaborative Computing, Usage Control, Privacy protection, Authorization Management, Context Information