Secure resource sharing in dynamic ad-hoc collaborations

Due to the proliferation of the Internet and web based technologies, coalitions among organizations are increasingly short-lived and dynamic. They are, therefore, formed in an ad-hoc manner to serve a specific purpose using open environments that include web-services, grid computing and ubiquitous computing. In order for multiple organizations to share resources and execute collaborative processes in these coalition environments, efficient and secure solutions are needed to form and maintain the electronic collaborations. The objective of this dissertation research is to define methodologies to facilitate secure sharing in a dynamic coalition in an automatic manner. To this end, we make the following three research contributions:; First, we have proposed a suitable access control model for dynamic ad hoc coalitions. Secure sharing of resources requires that organizations be able to exercise fine-grained access control over the shared resources governed by their own local security policies. Although this may be accomplished by means of traditional access control and authentication mechanisms, they are difficult to administer when the partnerships and interactions are short-lived and constantly changing. This is because, using traditional access control would require explicit specification of authorizations for individual users within each member organization and changes would need to be painstakingly administered. Our approach automatically translates system level access control policies into implementation level policies using both centralized and distributed models. To facilitate the translation, we also introduce a process for deriving credential requirements that can be applied to unknown individuals who can prove that they are members of a coalition organization. This novel process uses semantics associated with the attributes of users and the resources for which they have permissions.; Secondly, we have advanced approaches for automatically discovering collaborative security policies from existing access control data. In particular, our approach attempts to translate local access control policies into a common role-based access control (RBAC) policy because RBAC is perceived to be policy neutral. It also does not require policies to be set on individual subjects for the coalition; an invaluable feature for coalitions that frequently change. Our policy mining approach builds from role mining, a technique to discover inherent roles from access control data by grouping permissions that are typically assigned to the same set of users.; Third, we have promoted approaches for securely executing processes that span organizational boundaries. In particular, our authorization and task vi assignment methodology allows individuals to be assigned to tasks taking into consideration separation of duty constraints, delegation and dependencies among the different steps of the process. In addition, we also considered context such as time and place as well as process history.; Forming coalitions is critical in many situations. Disparate groups need to cooperate in emergencies and disaster management. Military organizations need to form coalitions to support peacekeeping and humanitarian operations. Even businesses form coalitions for common business processes such as supply chains or joint marketing campaigns. The contribution of this dissertation is to ensure that electronic sharing of resources in support of the coalitions is clone securely.