A Negotiation Scheme for Access Rights Establishment in Autonomic Communication

  • Special Issue Autonomic
Journal of Network and Systems Management

Autonomic computing and communication has become a new paradigm for dynamic service integration and resource sharing in today's ambient networks. Devices and systems need to dynamically collaborate and federate with little-known or even unknown parties in order to perform everyday tasks. Those devices and systems act as independent nodes that autonomously manage and enforce their own security policies.

Thus, in autonomic pervasive communications, clients may not know a priori what access rights they need in order to execute a service, nor may service providers know a priori what credentials and privacy requirements clients have, so that they can take appropriate access decisions.

To solve this problem we propose a negotiation scheme that protects security and privacy interests with respect to information disclosure while still providing effective access control to services. The scheme proposes a negotiation protocol that allows entities in a network to mutually establish sufficient access rights needed to grant a service.

Notes

  1. Essentially, we take all constants and functions appearing in the program and combine them in all possible ways. This yields the Herbrand universe. Those terms are then used to replace variables in all possible ways thus building its ground instantiation [14].

  2. The stepwise approach may require a client to provide credentials that are not directly related to a specific resource but are needed for fine-grained disclosure control.
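The construction in Note 1, as an added example that is not code from the paper: it collects the constants and function symbols of a small logic-program policy, builds the Herbrand universe, and substitutes its terms for variables to obtain the ground instantiation. The policy rules, the names `cred`, `grant` and `deleg`, and the `depth` bound are assumptions made for illustration; with a function symbol the universe is infinite, so terms are nested at most `depth` times.

```python
from itertools import product

# Constructed policy, not from the paper. Atoms and function terms are tuples
# (name, arg, ...); capitalised strings are variables, other strings constants.
RULES = [
    (("cred", "alice", "employee"), []),
    (("grant", "X", "report"), [("cred", "X", "employee")]),
    (("cred", ("deleg", "X"), "employee"), [("cred", "X", "employee")]),
]

def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

def walk(term, consts, funcs, variables):
    """Collect constants, (function, arity) pairs and variables in a term."""
    if isinstance(term, tuple):
        funcs.add((term[0], len(term) - 1))
        for arg in term[1:]:
            walk(arg, consts, funcs, variables)
    else:
        (variables if is_var(term) else consts).add(term)

def herbrand_universe(rules, depth):
    """Terms built from the program's constants and functions, nested <= depth."""
    consts, funcs = set(), set()
    for head, body in rules:
        for atom in [head, *body]:
            for arg in atom[1:]:          # skip the predicate name
                walk(arg, consts, funcs, set())
    universe = set(consts)
    for _ in range(depth):
        universe |= {(f, *args) for f, n in funcs
                     for args in product(universe, repeat=n)}
    return universe

def substitute(term, binding):
    if isinstance(term, tuple):
        return (term[0], *(substitute(a, binding) for a in term[1:]))
    return binding.get(term, term)

def ground(rules, depth):
    """Replace each rule's variables with universe terms in all possible ways."""
    universe = sorted(herbrand_universe(rules, depth), key=repr)
    out = []
    for head, body in rules:
        vs = set()
        for atom in [head, *body]:
            for arg in atom[1:]:
                walk(arg, set(), set(), vs)
        for values in product(universe, repeat=len(vs)):
            b = dict(zip(sorted(vs), values))
            out.append((substitute(head, b), [substitute(a, b) for a in body]))
    return out
```

The size of the ground program grows with the universe raised to the number of variables per rule, which is why the depth bound matters as soon as a function symbol appears.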

REFERENCES

  1. M. Sloman and E. Lupu, Policy specification for programmable networks. In Proc. of the 1st Intl. Working Conference on Active Networks, pp. 73–84. Springer-Verlag, 1999.

  2. L. Lymberopoulos, E. Lupu, and M. Sloman, An adaptive policy based framework for network services management, Journal of Network and Systems Management, Vol. 11, No. 3, pp. 277–303, 2003, Plenum Press.

  3. M. Smirnov, Rule-based systems security model. In Proc. of MMM-ACNS, pp. 135–146, 2003, Springer-Verlag Press.

  4. S. De Capitani di Vimercati and P. Samarati, Access control: Policies, models, and mechanism. In R. Focardi and F. Gorrieri (eds.), Foundations of Security Analysis and Design, Vol. 2171 of LNCS. Springer-Verlag Press, 2001.

  5. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-based access control models, IEEE Computer, Vol. 39, No. 2, pp. 38–47, 1996.

  6. SPKI, SPKI certificate theory, 1999. IETF RFC 2693. Available from http://www.ietf.org/rfc/rfc2693.txt.

  7. N. Li and J. C. Mitchell, RT: A role-based trust-management framework. In Proc. of DISCEX III Conf., pp. 201–212, 2003, IEEE press.

  8. P. Bonatti and P. Samarati, A unified framework for regulating access and information release on the web, Journal of Computer Security, Vol. 10, No. 3, pp. 241–272, 2002.

  9. T. Yu, M. Winslett, and K. E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security, Vol. 6, No. 1, pp. 1–42, 2003.

  10. T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation. In Proc. IEEE Symposium on Security and Privacy, pp. 110–122, May 2003 IEEE press.

  11. H. Koshutanski and F. Massacci, Interactive access control for Web Services. In Proc. of IFIP Information Security Conference, pp. 151–166, 2004, Kluwer.

  12. H. Koshutanski and F. Massacci, Interactive credential negotiation for stateful business processes. In Proc. of iTrust Conference, pp. 257–273, 2005, Springer-Verlag Press.

  13. H. Koshutanski and F. Massacci, Abduction and deduction in logic programming for access control for autonomic systems. Tech. Report, DIT-05-053, University of Trento, July 2005. http://eprints.biblio.unitn.it/archive/00000821/01/053.pdf.

  14. K. Apt, Logic programming. In J. van Leeuwen (ed.), Handbook of Theoretical Computer Science. Elsevier, 1990.

  15. M. Gelfond and V. Lifschitz, The stable model semantics for logic programming. In Proc. of the 5th International Conference on Logic Programming, pp. 1070–1080, 1988, MIT-Press.

ACKNOWLEDGMENTS

This work was partly supported by the projects: 2003-S116-00018 PAT-MOSTRO, 016004 IST-FP6-FET-IP-SENSORIA, 27587 IST-FP6-IP-SERENITY, 038978 EU-MarieCurie-EIF-iAccess, 034744 EU-INFSO-IST ONE, 034824 EU-INFSO-IST OPAALS.

Author information

Hristo Koshutanski has a PhD in Computer Science from the University of Trento, Italy. He holds the SATIN-EDRF award for doctoral research in 2005. In 2006 he won an EU Marie Curie Fellowship. He is a Research Associate at the University of Malaga, Spain. His research interests include distributed system security, trust management, access control models and authorization policies.

Fabio Massacci is a full professor in Informatics at the University of Trento, Italy, and a guest scientist at SINTEF, Norway. He was a visiting researcher at IRIT in Toulouse, France, an assistant professor at the Univ. of Siena, and a postdoctoral fellow, and he received a PhD from the Univ. of Roma I “La Sapienza” in 1998. His main research interests are Computer Security, Formal Verification, and Requirements Engineering. He has published a number of articles in international conferences and journals and is responsible for a number of EU and national research grants. He is the rector's delegate for ICT procurements and services. He is a member of ACM and IEEE.

Cite this article

Koshutanski, H., Massacci, F. A Negotiation Scheme for Access Rights Establishment in Autonomic Communication. J Netw Syst Manage 15, 117–136 (2007). https://doi.org/10.1007/s10922-006-9057-2

  • DOI: https://doi.org/10.1007/s10922-006-9057-2
