Managing Data Security in E-Markets through Relationship Driven Access Control

Harry Wang (University of Delaware, USA), J. Leon Zhao (City University of Hong Kong, China) and Guoqing Chen (Tsinghua University, China)
Copyright: © 2012 | Pages: 21
DOI: 10.4018/jdm.2012040101

Abstract

Data security in e-markets is vital to maintaining trust among trading partners. In an e-market, companies must share information to improve operational efficiency in their supply chains, while at the same time, access to sensitive information by rival companies should be prevented. In today’s highly dynamic business environment, the relationships among companies in e-markets are constantly changing while these relationships determine how company information should be shared with other companies. In this paper, the authors show that existing access control models are not designed for managing data security in e-markets with dynamic company relationships and propose a Relationship Driven Access Control (RDAC) model to provide a better solution. In particular, the authors design a rule-based approach for managing dynamic company relationships and a secure query processing mechanism to filter shared information based on company relationships. A prototype system is developed to demonstrate and validate the authors’ RDAC model.
Article Preview

Introduction

Business-to-business electronic commerce requires the use of electronic catalogs as the contact points for both sellers and buyers. The benefits of e-catalogs for both suppliers and buyers include drastically reduced production costs, expanded markets, and reduced processing costs. E-catalogs are defined as electronic representations of information about the products and/or services of one or more organizations, e.g., eBay’s e-catalog provides 4320 product/service categories with 4 million auctions and 450,000 items added each day (Ball, Ma, Raschid, & Zhao, 2002; Baron, Shaw, & Bailey Jr, 2000; Benatallah, Hacid, Paik, Rey, & Toumani, 2006; Segev, Wan, & Beam, 1995; Stanoevska-Slabeva & Schmid, 2000; Yen & Kong, 2002). In electronic markets (e-markets), e-catalogs integrate operational data, such as orders, fulfillment issues, and delivery of services over the web (Beneventano & Magnani, 2004; Yen & Kong, 2002).

The growth of business-to-business e-commerce has highlighted the importance of maintaining inter-organizational trust in developing and maintaining business-to-business relationships. Furthermore, access control in e-commerce transactions has been identified as an important means for maintaining trust between trading partners (Lee, 2008; Li, Du, & Wong, 2007; Ratnasingham & Kumar, 2000; Wang, Cheng, & Zhao, 2004; Wang, Zhao, & Cheng, 2007). That is, managing data security in e-markets is a critical issue as the data owners have varying relationships with the e-marketplace and between one another (Kuller, 2005). Consequently, development of new techniques for managing data security in e-markets is an important research area.

One such research area focuses on advanced access control mechanisms that support security management in Web and e-commerce applications (Joshi, Aref, Ghafoor, & Spafford, 2001; Lee, 2008; Thuraisingham, Clifton, Gupta, Bertino, & Ferrari, 2001). In supply chain management, companies typically form alliances for the purposes of information sharing and strategic cooperation (Seidmann & Sundararajan, 1997; Thomas & Griffin, 1996). This requires more advanced access control mechanisms that ensure the sharing of information aligns properly with the complex and dynamic relationships among the companies to maintain trust and confidentiality (Chakraborty & Ray, 2006; Kang, Park, & Froscher, 2001; Zhao, Wang, & Huang, 2008).

Existing access control models are mostly concerned with data and application security within a uniform organization, where the relationships between companies are of little concern. The main focus of those access control models, such as role-based access control (RBAC), task-based access control (TBAC), coalition-based access control (CBAC), and workflow-based access control (WBAC), is on how to efficiently map users to their access authorizations. As will be discussed in detail in later sections, the TBAC, CBAC, and WBAC models are extensions of RBAC that include tasks, coalitions, and workflows in the mapping between users and roles. We will demonstrate that in an e-market, company relationships are a new dimension that has not been emphasized in previous access control models, and that e-market data security must take company relationships into account.
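An added illustration of the point above (not code from the paper or its RDAC prototype): the fields a requester sees are decided by how the data owner currently classifies the requester's company, so a relationship change alters query results without any change to user-to-role mappings. The company names, relationship types, field names and sharing rules are constructed assumptions.

```python
# Added illustration; not the paper's RDAC model. All names and data are constructed.

# Rule table: how an owner classifies a requester -> catalog fields it shares.
SHARING_RULES = {
    "partner":   {"sku", "list_price", "contract_price", "stock"},
    "customer":  {"sku", "list_price", "stock"},
    "unrelated": {"sku", "list_price"},   # public catalog fields only
    "rival":     set(),                   # nothing is shared
}

class RelationshipStore:
    """Directed, mutable relationships: how `owner` currently classifies `other`."""
    def __init__(self):
        self._rel = {}

    def set(self, owner, other, rel):
        if rel not in SHARING_RULES:
            raise ValueError(f"unknown relationship type: {rel}")
        self._rel[(owner, other)] = rel

    def get(self, owner, other):
        # No recorded relationship: fall back to the public-fields-only view.
        return self._rel.get((owner, other), "unrelated")

def secure_query(store, requester, rows, wanted_fields):
    """Project each row to the fields its owner shares with the requester's company."""
    result = []
    for row in rows:
        owner = row["owner"]
        if owner == requester:
            allowed = set(row)            # a company sees all of its own data
        else:
            allowed = SHARING_RULES[store.get(owner, requester)]
        visible = {f: row[f] for f in wanted_fields if f in allowed and f in row}
        if visible:                       # rows with no shared field are dropped entirely
            result.append({"owner": owner, **visible})
    return result

CATALOG = [  # constructed sample rows
    {"owner": "AcmeSteel", "sku": "S-100", "list_price": 50, "contract_price": 41, "stock": 900},
    {"owner": "BoltWorks", "sku": "B-7", "list_price": 3, "contract_price": 2, "stock": 12000},
]

if __name__ == "__main__":
    store = RelationshipStore()
    store.set("AcmeSteel", "CarCo", "partner")
    store.set("AcmeSteel", "BoltWorks", "rival")
    print(secure_query(store, "CarCo", CATALOG, ["sku", "contract_price"]))
    store.set("AcmeSteel", "CarCo", "customer")   # relationship changes, no role edits
    print(secure_query(store, "CarCo", CATALOG, ["sku", "contract_price"]))
```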
