Full Text:   <2587>

CLC number: TP309.2

On-line Access: 2010-09-07

Received: 2009-09-14

Revision Accepted: 2009-12-07

Crosschecked: 2010-08-02

Cited: 3

Clicked: 6964

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
Open peer comments

Journal of Zhejiang University SCIENCE C 2010 Vol.11 No.9 P.699-717


An authorization model for collaborative access control

Author(s):  Chen-hua Ma, Guo-dong Lu, Jiong Qiu

Affiliation(s):  Engineering and Computer Graphics Institute, Zhejiang University, Hangzhou 310027, China, Department of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, China

Corresponding email(s):   mchma@zju.edu.cn

Key Words:  Collaborative access control, Collaborative permission, Conflict detection and resolution

Chen-hua Ma, Guo-dong Lu, Jiong Qiu. An authorization model for collaborative access control[J]. Journal of Zhejiang University Science C, 2010, 11(9): 699-717.

@article{title="An authorization model for collaborative access control",
author="Chen-hua Ma, Guo-dong Lu, Jiong Qiu",
journal="Journal of Zhejiang University Science C",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T An authorization model for collaborative access control
%A Chen-hua Ma
%A Guo-dong Lu
%A Jiong Qiu
%J Journal of Zhejiang University SCIENCE C
%V 11
%N 9
%P 699-717
%@ 1869-1951
%D 2010
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.C0910564

T1 - An authorization model for collaborative access control
A1 - Chen-hua Ma
A1 - Guo-dong Lu
A1 - Jiong Qiu
J0 - Journal of Zhejiang University Science C
VL - 11
IS - 9
SP - 699
EP - 717
%@ 1869-1951
Y1 - 2010
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/jzus.C0910564

collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Ahn, G.J., Sandhu, R., 2000. The RCL 2000 Language for Specifying Role-Based Authorization Constraints. PhD Thesis, George Mason University, Fairfax, Virginia, USA.

[2]Alsulaiman, F.A., Miege, A., EI Saddik, A., 2007. Threshold-Based Collaborative Access Control. Proc. Int. Symp. on Collaborative Technologies and Systems, p.45-56.

[3]Ardagna, C.A., Cremonini, M., de Capitani di Vimercati, S., Samarati, P., 2008. A privacy-aware access control system. J. Comput. Secur., 16(4):369-397.

[4]Carminati, B., Ferrari, E., 2008. Privacy-Aware Collaborative Access Control in Web-Based Social Networks. Proc. 22nd Annual IFIP WG 11.3 Working Conf. on Data and Applications Security, p.81-96.

[5]Crampton, J., 2003. Specifying and Enforcing Constraints in Role-Based Access Control. Proc. 8th ACM Symp. on Access Control Models and Technologies, p.43-50.

[6]Dey, A.K., 2001. Providing Architectural Support for Building Context-Aware Applications. PhD Thesis, Georgia Institute of Technology, Atlanta, Georgia, USA.

[7]Dunlop, N., Indulska, J., Raymond, K., 2003. Methods for Conflict Resolution in Policy-Based Management System. Proc. 7th Int. Enterprise Distributed Object Computing Conf., p.98-109.

[8]Franz, E., Wahrig, H., Boettcher, A., Borcea-Pfitzmann, K., 2006. Access Control in a Privacy-Aware eLearning Environment. Proc. 1st Int. Conf. on Availability, Reliability and Security, p.879-886.

[9]Gambetta, D., 1990. Can We Trust Trust? In: Gambetta, D. (Ed.), Trust: Making and Breaking Cooperative Relations. Basil Blackwell, Oxford, p.213-237.

[10]Gligor, V.D., Gavrila, S., Ferraiolo, D., 1998. On the Formal Definition of Separation of Duty Policies and Their Composition. Proc. IEEE Computer Society Symp. on Research in Security and Privacy, p.172-183.

[11]He, Z.L., Tian, J.D., Zhang, Y.S., 2005. Analysis, detection and resolution of policy conflict. J. Lanzhou Univ. Technol., 31(5):83-86 (in Chinese).

[12]Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J., 2005. Context Sensitive Access Control. Proc. 10th ACM Symp. on Access Control Models and Technologies, p.111-119.

[13]Joshi, J.B.D., Bertino, E., Shafiq, B., Ghafoor, A., 2003. Dependencies and Separation of Duty Constraints in GTRBAC. Proc. 8th ACM Symp. on Access Control Models and Technologies, p.51-64.

[14]Kim, K.I., Ko, H.J., Choi, W.G., Lee, E.J., Kim, U.M., 2008. A Collaborative Access Control Based on XACML in Pervasive Environments. Proc. Int. Conf. on Convergence and Hybrid Information Technology, p.7-13.

[15]Koch, M., Mancini, L.V., Parisi-Presicce, F., 2002. A graph based formalism for RBAC. ACM Trans. Inf. Syst. Secur., 5(3):332-365.

[16]Li, D., Rao, P., Bertino, E., Li, N.H., Lobo, J., 2008. Policy Decomposition for Collaborative Access Control. Proc. 13th ACM Symp. on Access Control Models and Technologies, p.103-112.

[17]Li, E.Y., Du, T.C., Wong, J.W., 2007. Access control in collaborative commerce. Decis. Support Syst., 43(2):675-685.

[18]Ma, C.H., Lu, G.D., Qiu, J., 2009. Conflict detection and resolution for authorization policies in workflow systems J. Zhejiang Univ.-Sci. A., 10(8):1082-1092.

[19]Michael, J., Nash, J., Keith, R., 1990. Some Conundrums Concerning Separation of Duty. Proc. IEEE Symp. on Research in Security and Privacy, p.201-209.

[20]Moffett, J.D., Sloman, M.S., 1994. Policy conflict analysis in distributed system management. Ablex Publish. J. Organ. Comput., 4(1):1-22.

[21]Neumann, G., Strembeck, M., 2003. An Approach to Engineer and Enforce Context Constraints in an RBAC Environment. Proc. 8th ACM Symp. on Access Control Models and Technologies, p.65-79.

[22]Ni, Q., Trombetta, A., Bertino, P., Lobo, P., 2007. Privacy-Aware Role Based Access Control. Proc. 12th ACM Symp. on Access Control Models and Technologies, p.41-50.

[23]Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E., 1996. Role-based access control models. IEEE Comput., 29(2):38-47.

[24]Simon, R., Zurko, M.E., 1997. Separation of Duty in Role Based Access Control Environments. Proc. 10th IEEE Workshop on Computer Security Foundations, p.183-194.

[25]Sohr, K., Ahn, G.J., Gogolla, M., Migge, L., 2005. Specification and Validation of Authorization Constraints Using UML and OCL. Proc. 10th European Symp. on Research in Computer Security, p.64-79.

[26]Tan, E.C., Leong, P.C., Sio, L.T., 2002. Group-access control of confidential files in e-commerce management using shared-secret scheme. Electron. Comm. Res., 2(1/2):151-158.

[27]Traore, I., Khan, S., 2003. A Protection Scheme for Collaborative Environments. Proc. ACM Symp. on Applied Computing, p.331-337.

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2024 Journal of Zhejiang University-SCIENCE