An access control perspective to sharing data in a federation (PhD)

Abstract

Digital objects such as documents, images, and other media are shared between users belonging to different organisations. A federation refers to one model of interaction of independent organisations for data sharing. It involves each organisation carrying out its local functions independently based on its internal policies, yet respecting federation contracts when it comes to handling data shared by other organisations. Rural Business Process Outsourcing (RBPO), Multi-Institution Course Management System (MI-CMS) and Media Streaming Service (MSS) are some examples of federation. Data access by users across organisations in a federation takes place over the Internet. In RBPO scenarios, users are geographically distributed throughout the country in cities, towns and villages. In MI-CMS instructors and students belong to different geographically separated organisations and are connected over network. Media is stored on cloud servers in MSS scenarios and accessed by users connecting from different locations over the Internet. In these scenarios network intermittency becomes a serious problem limiting access, affecting the timely access of data by users. The network can become intermittent as the result of a physical link failure or due to administrative policies which may disallow external access during certain periods of time. The last mile access is often through wireless. Thus, the network becomes unavailable many times and even if available, signal strength is mostly low and is shared by many users. Data provided by an organisation differ in value based on the nature of the application. The patient health-sheet and medical report provided by a health-care organisation has high value. On the other hand, a book outsourced for translation from one language to another has low value. In some applications an object is decomposed into smaller parts before sharing. The value of an individual object gets further reduced by decomposing it into smaller objects. Each of these parts can then be assigned to different users for carrying out different tasks. Once the task is done these parts are composed together. This decomposition allows multiple users to perform tasks in parallel on parts of the same object, thereby improving the task completion time. Furthermore, since each user has access to only a part of a complete object, the amount of information leakage per user gets reduced. Shared data is protected from unauthorised access based on the access control policy of the owner organisation. An access control model is a formal representation of the high level access control policy and aids the analysis of security properties exhibited by the access control system. This thesis addresses the security challenges in federations where low value data are shared between users belonging to different organisations in the presence of network intermittency and proposes solutions for the same. Furthermore, independent organisations participating in a federation have their own terminologies for defining access control policies. When data is shared between organisations a consistent policy needs to be defined which requires understanding and addressing these differences in syntax and semantics. Towards this objective, first we define a family of access control models called Digital Object Based Access Model (DOBAM) to address the scenarios having a large number of objects and involving object decomposition. We discuss the formalism of DOBAM and verify desirable security properties. Both simulations and analytical models are used to compare the performance of DOBAM with other existing models. Second, we extend one of the most popular access control models, Role Based Access Control (RBAC) model, to support network-aware access control policies. The resulting model, Network Aware RBAC (NA-RBAC) model, supports specification of access control permissions by taking the network state into account. Restricted access to data can be granted in the temporary absence of network connectivity. We formalise the model and verify different security properties. We compare the performance of NA-RBAC with that of RBAC in the presence of network disconnections. We combine both DOBAM and NA-RBAC to define a family of Network Aware Digital Object Based Access Model (NA-DOBAM) suitable for federation. We formalise the model and verify the security properties. Third, we also study distributed data access in the presence of permission up dates and network disconnections, and we verify the desirable security properties. Finally, we define NA-DOBAM ontologies for the three federated scenarios, RBPO, MI-CMS and MSS. Access control information is retrieved by querying one or more remote ontologies and access control rules are implemented in the ontology to get new knowledge. We demonstrate these using example scenarios. We show that security constraints and features such as separation of duty and delegation are satisfied by these ontologies.