TNAC: A Novel Trust Negotiation Based Access Control Model Using XACML Architecture

Authors

1 PhD student, Imam Hossein University, Tehran, Iran

2 Assistant Professor, Imam Hossein University, Tehran, Iran

3 Associate Professor, Imam Hossein University, Tehran, Iran

Abstract

The emergence of Web services technologies and the evolution of distributed systems toward Service Oriented
Architectures (SOA) have significantly promoted collaboration and information sharing. Data exchange among
heterogeneous platforms and provision of service security are two notable challenges in SOA architecture that require
due consideration. Because security policies differ across organizations, current information security
mechanisms and traditional access control models are often unable to satisfy users' security requirements. Trust
negotiation is a crucial and promising approach to establishing trust and securing interactions between entities that
have no pre-existing knowledge of or experience with each other. In this paper, a new access control model based on attributes
and trust negotiation techniques is proposed to overcome these challenges. The model is developed within the XACML
standard architecture together with the features of the XEngine evaluation engine. Numerical results and performance
evaluation show that the proposed model is more flexible and performs better than existing models.
Moreover, the model is able to provide service security and proves its applicability in real e-government and
e-commerce environments.

Keywords


Volume 3, Issue 1 - Serial Number 1
November 2020
Pages 53-67
  • Receive Date: 01 November 2014
  • Revise Date: 21 June 2023
  • Accept Date: 19 September 2018
  • Publish Date: 21 April 2015