Title:
Network-centric Access Control: Models and Techniques
Authors
Wang, Ting
Srivatsa, Mudhakar
Agrawal, Dakshi
Abstract
In both commercial and defense sectors a compelling need is emerging for rapid, yet secure, dissemination
of information to the actors concerned. Traditional approaches to information sharing (such as
Multi-Level Security (MLS)) adopted a node-centric model wherein each user (social subject) and each
object (information object) is treated in isolation (e.g., using clearance levels for subjects and sensitivity
levels for objects in MLS). Over the last two decades information sharing models have been enriched to
partially account for relationships between subjects (e.g., Role-based Access Control (RBAC)), relationships
between objects (e.g., the Chinese-wall model), and relationships between subjects and objects (e.g.,
Separation of Duty (SoD) constraints).
In this paper, we present a novel network-centric access control paradigm that explicitly accounts
for network effects in information flows, and yet offers scalable and flexible risk estimation regarding
access control decisions. The goal of this paper is not to prescribe a risk model for information flows;
instead we enable a class of risk models by developing scalable algorithms to estimate prior and posterior
information flow likelihood using the structure of social and information networks. For instance, our
network-centric access control model answers questions of the form: Does subject s already have access
(via her social network) to object o? If subject s is given access to object o, what is the likelihood that
subject s' learns object o' (where the subjects s and s' are related via the social network and the objects
o and o' are related via the information network)?
This paper makes three contributions. First, we show that several state-of-the-art access control
models can be encoded using a network-centric access control paradigm, typically by encoding relationships
as network edges (subject-subject, object-object and subject-object). Second, we present a suite
of composable operators over social and information networks that enable scalable risk estimation for
information flows. Third, we evaluate our solutions using the IBM SmallBlue dataset that was collected
over a span of one year from an enterprise social network of size over 40,000.
Date Issued
2010-09-21
Resource Type
Text
Resource Subtype
Technical Report