A dynamic context-aware access control architecture for e-services

Cited by: 26
Authors
Kapsalis, Vassilis
Hadellis, Loukas
Karelis, Dimitris
Koubias, Stavros
Affiliations
[1] ISI, Patras 26504, Greece
[2] Technol Educ Inst Patras, Patras 26334, Greece
[3] Univ Patras, Patras 26500, Greece
Keywords
e-services; access control; web services; context-aware; authorization; UML
DOI
10.1016/j.cose.2006.05.004
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
The universal adoption of the Internet and the emerging web services technologies constitute the infrastructure that enables the provision of a new generation of e-services and applications. However, the provision of e-services through the Internet imposes increased risks, since it exposes data and sensitive information outside the client premises. Thus, an advanced security mechanism has to be incorporated, in order to protect this information against unauthorized access. In this paper, we present a context-aware access control architecture, in order to support fine-grained authorizations for the provision of e-services, based on an end-to-end web services infrastructure. Access permissions to distributed web services are controlled through an intermediary server, in a completely transparent way to both clients and protected resources. The access control mechanism is based on a Role-Based Access Control (RBAC) model, which incorporates dynamic context information, in the form of context constraints. Context is dynamically updated and provides a high level of abstraction and presents a system that incorporates the proposed access control mechanism in a web services infrastructure that conforms to the OPC XML-DA specification. (c) 2006 Elsevier Ltd. All rights reserved.
Pages: 507-521
Page count: 15