Intelligent Multi-Domain RBAC Model

Rubina Ghazal (COMSATS Institute of Information Technology, Pakistan), Ahmad Kamran Malik (COMSATS Institute of Information Technology, Pakistan), Nauman Qadeer (Federal Urdu University (FUUAST) Islamabad, Pakistan) and Mansoor Ahmed (COMSATS Institute of Information Technology, Pakistan)

Information sharing tends to be dynamic in multi-domain environments because different teams share information in a Collaborative Working Environment (CWE). Secure information sharing is a challenge in such environments. Role Based Access Control (RBAC) is an efficient model for rights management in large systems, but it does not handle the dynamism of collaboration in multi-domain environments when resources must be accessed at a fine-grained level. The research aimed to address this issue of secure information and data sharing across multiple domains. The proposed model extends the RBAC model using intelligent agents, ontologies and design patterns. It introduces multi-agent monitors for role and permission assignments, session tracking, constraint handling and semantic maintenance of the role hierarchy. These agents use deductive learning to adapt to changes and to help in decision making for role and permission assignment. The working of the model is discussed using a case scenario to ensure secure collaboration in a multi-domain environment.

The Internet has been used in business and the military for decades and has now become an essential part of society. With the increased use of the Internet in daily life and business organizations, (Zigurs & Munkvold 2006) observed that collaboration is also increasing in working environments and that technology is evolving rapidly, making new forms of collaboration possible. Privacy and security concerns are growing along with the increase in information sharing and resource accessibility. Thus, secure information sharing for collaboration in multi-domain environments is becoming challenging. Simplifying the processes for correctly identifying individuals (authentication) and providing them appropriate access to data and systems based on their identity (authorization) is essential for building effective and dynamic cross-domain collaborations.

According to (Ni, Trombetta, Bertino, et al. 2007), privacy is a serious and challenging issue in many business areas and also in CWE, where secure data and information sharing amongst different applications and users is an important requirement. Access control models play an important role in achieving this goal. The Role-Based Access Control model is an efficient model for rights management in large systems, but due to its static nature it cannot meet the dynamic requirements of a collaborative working environment for accessing resources at a fine-grained level. The studies of (Tolone, Ahn, Pai, et al. 2005) and (Sahafizadeh & Parsa 2010) on different access control models showed that the models are designed to fit specific organizational structures, scenarios and requirements; in other words, they are domain specific. Furthermore, scalability is another issue in large organizations, as it becomes difficult to manage the huge volume of data, the relevant permissions and the role hierarchy.

The focus of this research is to extend RBAC functionality across different domains using agents and design patterns to enhance data privacy in CWE. (Stone & Veloso 2000) consider a multi-agent system (MAS) helpful where people or organizations with different goals interact. It provides parallelism that can help with context-bounded requirements. It also provides scalability and modularity, which are helpful for social interactions. (Stone & Veloso 2000) also observed that MAS is useful because some domains require parallelism, robustness, scalability, simpler programming, the study of intelligence, geographic distribution and cost effectiveness. The research by (Wu, Chen, Lin, et al. 2006) showed that, along with agents, ontologies provide a formal specification of concepts and their relationships for collaboration in a distributed environment.

Role-based access control models are of great interest to the security and privacy community as a powerful and generalized approach. In this chapter, an Intelligent Multi-domain RBAC model (IMd-RBAC) is proposed. This model is an ontology-based RBAC model combined with learning and cooperative agents and design patterns. The IMd-RBAC model extends the standard RBAC model given by (Ferraiolo, Sandhu, Gavrila, et al. 2001) with a general expression of ontologies and agents. Ontologies are content theories about a domain of knowledge and are developed to understand the structure of knowledge and to enhance its reuse and standardization. Ontologies help to organize knowledge explicitly in agent-based applications. Moreover, in a multi-domain environment, machine learning and design patterns are used to enhance the agents' capacity for adaptation.

