Network-centric Access Control: Models and Techniques

Show full item record

Please use this identifier to cite or link to this item:

Title: Network-centric Access Control: Models and Techniques
Author: Wang, Ting ; Srivatsa, Mudhakar ; Agrawal, Dakshi
Abstract: In both commercial and defense sectors a compelling need is emerging for rapid, yet secure, dissemination of information to the concerned actors. Traditional approaches to information sharing (such as Multi-Level Security (MLS)) adopted a node-centric model wherein each user (social subjects) and each object (information object) is treated in isolation (e.g., using clearance levels for subjects and sensitivity levels for objects in MLS). Over the last two decades information sharing models have been enriched to partially account for relationships between subjects (e.g., Role-based Access Control (RBAC)), relationships between objects (e.g., Chinese-wall model), and relationships between subjects and objects (e.g., Separation of Duty (SoD) constraints). In this paper, we present a novel network-centric access control paradigm that explicitly accounts for network-effects in information flows, and yet offers scalable and flexible risk estimation regarding access control decisions. The goal of this paper is not to prescribe a risk-model for information flows; instead we enable a class of risk-models by developing scalable algorithms to estimate prior and posterior information flow likelihood using the structure of social and information networks. For instance, our network-centric access control model answers questions of the form: Does subject s already have access (via her social network) to object o? If subject s is given access to object o, what is the likelihood that subject sʼ learns object oʼ (where the subjects s and sʼ are related via the social network and the objects o and oʼ are related via the information network)? This paper makes three contributions. First, we show that several state-of-the-art access control models can be encoded using a network-centric access control paradigm, typically by encoding relationships as network edges (subject-subject, object-object and subject-object). Second, we present a suite of composable operators over social and information networks that enable scalable risk estimation for information flows. Third, we evaluate our solutions using the IBM SmallBlue dataset that was collected over a span of one year from an enterprise social network of size over 40,000.
Type: Technical Report
Date: 2010-09-21
Contributor: Georgia Institute of Technology. College of Computing
Georgia Institute of Technology. Center for Experimental Research in Computer Systems
Relation: CERCS ; GIT-CERCS-10-08
Publisher: Georgia Institute of Technology
Subject: Access control
Information flow
Information object
Information sharing
Multi-level security
Risk estimates
Social network

All materials in SMARTech are protected under U.S. Copyright Law and all rights are reserved, unless otherwise specifically indicated on or in the materials.

Files in this item

Files Size Format View
git-cercs-10-08.pdf 449.4Kb PDF View/ Open

This item appears in the following Collection(s)

Show full item record