Secure information flow for inter-organisational collaborative environments

  • Shane Bracher

Student thesis: Doctoral Thesis


Collaborative environments allow users to share and access data across networks spanning multiple administrative domains and beyond organisational boundaries. This poses several security concerns such as data confidentiality, data privacy and threats of improper data usage. Traditional access control mechanisms focus on centralised systems and implicitly assume that all resources reside in the one domain. This is a critical limitation for inter-organisational collaborative environments, which are characteristically decentralised, distributed and heterogeneous. A consequence of the lack of suitable access control mechanisms for inter-organisational collaborative environments is that data owners relinquish all control over data they release. In these environments, we can reasonably consider more complex cases where documents may have multiple contributors, all with differing access control requirements. Facilitating such cases, as well as maintaining control over the document's content, its structure and its flow path as it circulates through multiple administrative domains, is a non-trivial issue.

This thesis proposes an architecture model for specifying and enforcing access control restrictions on sensitive data that follows a pre-defined inter-organisational workflow. Our approach is to embed access control enforcement within the workflow object (e.g. the circulating document containing sensitive data) as opposed to relying on each administrative domain to enforce the access control policies. The architecture model achieves this using cryptographic access control, a concept that relies on cryptography to enforce access control policies. The specifications for the architecture model, as well as the specifications for a workflow object model, are discussed in this thesis. The workflow object model supports finer-granularity access control (on the content level) and describes how the workflow object encapsulates sensitive data, together with metadata defining the access rights.
A prototype implementation of the models was constructed for experimentation purposes. Using this prototype, case studies were conducted to demonstrate the feasibility of the proposed models and to identify potential applications.
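To make the idea of embedding enforcement in the workflow object concrete, here is an added illustration (not the thesis's model or its prototype): each content section is encrypted under its own key, and the access-rights metadata carried with the object consists of that key wrapped for each permitted principal, so a domain holding the whole object can still only read the sections it was granted. The cipher construction, principal names and section contents are constructed assumptions.

```python
import hashlib, hmac, os

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy PRF stream cipher (HMAC-SHA256 in counter mode) so the example runs on the
    # standard library alone; a real deployment would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def seal(key: bytes, data: bytes) -> tuple:
    nonce = os.urandom(16)
    return nonce, _keystream_xor(key, nonce, data)

def unseal(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return _keystream_xor(key, nonce, ciphertext)

def build_workflow_object(sections: dict, rights: dict, principal_keys: dict) -> dict:
    """Encrypt each section under its own key; wrap that key for every principal in the rights metadata."""
    obj = {"sections": {}, "rights": {}}
    for name, plaintext in sections.items():
        section_key = os.urandom(32)
        obj["sections"][name] = seal(section_key, plaintext)
        # Access rights travel with the object as wrapped keys, not as a policy a domain must honour.
        obj["rights"][name] = {p: seal(principal_keys[p], section_key) for p in rights[name]}
    return obj

def read_sections(obj: dict, principal: str, key: bytes) -> dict:
    """A holder recovers only sections whose key was wrapped for it, whatever domain it sits in."""
    result = {}
    for name, (nonce, ciphertext) in obj["sections"].items():
        wrapped = obj["rights"][name].get(principal)
        if wrapped is None:
            continue  # no key material for this principal: the section stays opaque
        section_key = unseal(key, *wrapped)
        result[name] = unseal(section_key, nonce, ciphertext)
    return result

def demo() -> dict:
    # Constructed sample: two contributors' sections with differing access requirements.
    keys = {p: os.urandom(32) for p in ("hospital", "insurer", "auditor")}
    obj = build_workflow_object(
        {"diagnosis": b"Diagnosis: constructed sample text", "billing": b"Invoice total: 1200"},
        {"diagnosis": {"hospital"}, "billing": {"hospital", "insurer", "auditor"}},
        keys,
    )
    return {p: read_sections(obj, p, keys[p]) for p in keys}
```

The insurer and auditor receive the same object as the hospital but can decrypt only the billing section, since no diagnosis key is wrapped for them.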
Date of Award: 6 Jun 2009
Original language: English
Supervisor: Padmanabhan Krishnan
