Collaborative environments allow users to share and access data across networks spanning multiple administrative domains and beyond organisational boundaries. This poses several security concerns such as data conﬁdentiality, data privacy and threats to improper data usage. Traditional access control mechanisms focus on centralised systems and implicitly assume that all resources reside in the one domain. This serves as a critical limitation for inter-organisational collaborative environments, which are characteristically decentralised, distributed and heterogeneous. A consequence of the lack of suitable access control mechanisms for inter-organisational collaborative environments is that data owners relinquish all control over data they release. In these environments, we can reasonably consider more complex cases where documents may have multiple contributors, all with differing access control requirements. Facilitating such cases, as well as maintaining control over the document’s content, its structure and its ﬂow path as it circulates through multiple administrative domains, is a non-trival issue. Thisthesisproposesanarchitecturemodelforspecifyingandenforcingaccesscontrolrestrictions on sensitive data that follows a pre-deﬁned inter-organisational workﬂow. Our approach is to embed access control enforcement within the workﬂow object (e.g. the circulating document containing sensitive data) as opposed to relying on each administrative domain to enforce the access control policies. The architecture model achieves this using cryptographic access control – a concept that relies on cryptography to enforce access control policies. The speciﬁcations for the architecture model, as well as the speciﬁcations for an workﬂow object model, are discussed in this thesis. The workﬂow object model supports ﬁner-granularity access control (on the content level)anddescribeshowtheworkﬂowobjectencapsulatessensitivedata,together with metadata deﬁning the access rights. A prototype implementation of the models was constructed for experimentation purposes. Using this prototype, case studies were conducted to demonstrate the feasibility of the proposed models and to identify potential applications.
|Date of Award||6 Jun 2009|
|Supervisor||Padmanabhan Krishnan (Supervisor)|