Policy Negotiation for Co-owned Resources in Relationship-Based Access Control
Title | Policy Negotiation for Co-owned Resources in Relationship-Based Access Control |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Mehregan, Pooya; Fong, Philip W.L. |
Conference Name | Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-3802-8 |
Keywords | Access Control, availability criteria, Computer Theory and Trust, Computing Theory, Human Behavior, interactive policy negotiation, multiple ownership, organizational computing, polynomial hierarchy, privacy preference, pubcrawl, rebac, sat solver, sharing need, Trust |
Abstract | The collaborative nature of content development has given rise to the novel problem of multiple ownership in access control, such that a shared resource is administrated simultaneously by co-owners who may have conflicting privacy preferences and/or sharing needs. Prior work has focused on the design of unsupervised conflict resolution mechanisms. Driven by the need for human consent in organizational settings, this paper explores interactive policy negotiation, an approach complementary to that of prior work. Specifically, we propose an extension of Relationship-Based Access Control (ReBAC) to support multiple ownership, in which a policy negotiation protocol is in place for co-owners to come up with and give consent to an access control policy in a structured manner. During negotiation, the draft policy is assessed by formally defined availability criteria: to the second level of the polynomial hierarchy. We devised two algorithms for verifying policy satisfiability, both employing a modern SAT solver for solving subproblems. The performance is found to be adequate for mid-sized organizations. |
URL | http://doi.acm.org/10.1145/2914642.2914652 |
DOI | 10.1145/2914642.2914652 |
Citation Key | mehregan_policy_2016 |