Collaboration Policies: Access Control Management in SOA-Based Dynamic Collaborations
| Speaker | Mine Altunay |
| Organization | Dept. of Electrical and Computer Engineering |
| Location | 202 Partners III |
| Date | March 27, 2007 9:30 AM |
PhD Oral Exam
Service-oriented architectures change the computing paradigm by providing easily accessible services and by promoting collaborations among the provided services. The services can be harnessed with other services to create more powerful services. Ideally, the end user expects to select from an existing service pool, mix-and-match services, and come up with original applications that are tailored to his unique needs.
A collaboration is a collection of services that are harnessed together to achieve a common goal. During run time, each service is expected to interact with multiple peer services. These interactions take the form of data exchanges between peers. Although collaboration significantly helps tackle difficult problems, it also increases the exposure of a service. First, collaborations are often short-term and dynamically built based on the end user's demands. Therefore, there may not be established trust relationships between peers. Second, during run time, a service becomes exposed to all of the collaborative peers. The interactions within the collaboration are not isolated from one another. Instead, the interactions follow one another consecutively in order to propagate data among multiple parties. As a result, a service is exposed not only to the peers with which it directly interacts, but also to other peers through indirect interactions.
Our work addresses this problem. We approach the security problem from a service owner's perspective. We first study the types of interactions that are present in a collaboration. Based on the identified interaction types, we discuss the security threats that can arise with each interaction type. Our access control model aims to mitigate these security threats. It is designed to evaluate a collaboration context, and it recognizes the multitude of information present within that context: varying interactions, different peers engaged in these interactions, and the actions taken by each of these peers.
In order to express the access requirements a service places on a collaboration, we designed collaboration policies. A collaboration policy contains access rules that are specified to evaluate the collaboration context. A service owner can associate each access rule with a specific interaction type. As a result, different peers with different interaction types are evaluated against different access requirements. In other words, our access control model varies the access requirements placed on a collaborative peer depending on the collaboration context.
We encompass our work inside a framework. We develop a system architecture where each service that is invited into the collaboration can use its own collaboration policy to reach a decision. These evaluations are carried out as peer-to-peer trust evaluations. Our framework provides a message infrastructure that allows for these evaluations. Moreover, the results of the security evaluations are collected and used to determine the feasibility of the collaboration. We deem a collaboration feasible when each collaborative service is willing to join the collaboration as a result of its security evaluations.
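The evaluation described above can be sketched as follows. This is an added example, not the thesis's own model or code. Assumptions: interaction types are reduced to "direct" and "indirect" derived from a data-flow graph, an access rule is a set of attributes a peer must hold, an interaction type with no rule is denied, and all service names and attributes are constructed.

```python
from collections import defaultdict

def reachable(graph, start):
    """All nodes reachable from start along directed edges (excluding start)."""
    seen, stack = set(), [start]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt not in seen and nxt != start:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def interactions(flows, service):
    """Classify every peer `service` is exposed to as 'direct' or 'indirect'."""
    down, up = defaultdict(set), defaultdict(set)
    for src, dst in flows:
        down[src].add(dst)
        up[dst].add(src)
    direct = down[service] | up[service]
    exposed = reachable(down, service) | reachable(up, service)
    return {p: "direct" if p in direct else "indirect" for p in exposed}

def evaluate(service, policy, flows, attrs):
    """Peers that fail `service`'s policy; an empty dict means it will join."""
    denied = {}
    for peer, kind in interactions(flows, service).items():
        if kind not in policy:  # assumption: no rule for this type means deny
            denied[peer] = (kind, ["no rule"])
            continue
        missing = policy[kind] - attrs.get(peer, set())
        if missing:
            denied[peer] = (kind, sorted(missing))
    return denied

def feasible(policies, flows, attrs):
    """Feasible only if every invited service accepts all of its peers."""
    results = {s: evaluate(s, p, flows, attrs) for s, p in policies.items()}
    return all(not d for d in results.values()), results

# Constructed sample collaboration: data flows A -> B -> C.
FLOWS = [("A", "B"), ("B", "C")]
ATTRS = {"A": {"authenticated"}, "B": {"authenticated", "audited"},
         "C": {"authenticated", "audited"}}
POLICIES = {
    "A": {"direct": {"authenticated"}, "indirect": {"authenticated", "audited"}},
    "B": {"direct": {"authenticated"}},
    "C": {"direct": {"authenticated"}, "indirect": {"audited"}},
}
print(feasible(POLICIES, FLOWS, ATTRS))
```

In this sample, C never exchanges data with A, yet C's rule for indirect interactions rejects A, so the collaboration as a whole is not feasible.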
Our work aims to provide a secure and autonomous computing environment that promotes collaboration among services. It does this by providing service owners with the necessary means to protect themselves, and by encompassing these decisions into a framework.