Conference Paper

Designing secure e-commerce with role-based access control


Abstract

The rapid proliferation of the Internet and the cost-effective growth of its key enabling technologies are revolutionizing information technology and creating unprecedented opportunities for developing large-scale distributed applications. In this paper, an efficient method for managing security policies using XML and role-based access control is presented. The driving motivation of this research is to simplify security policy administration for Web-based applications such as e-commerce. Moreover, a general procedure for securing such Web-based applications is described.
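The abstract describes managing RBAC policy as XML. The following is an added example, not code from the paper: a small evaluator for an XML-encoded RBAC policy with role inheritance, a static separation-of-duty constraint, and a permission-to-role review query. The element names (`<role>`, `<permission>`, `<ssd>`, `<user>`), the attribute names and the sample policy are assumptions made for this illustration, not the paper's schema.

```python
"""Added example, not code from the paper: evaluating an XML-encoded RBAC
policy. Element and attribute names and the sample policy are assumptions."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# Constructed sample policy. "inherits" names the junior role whose
# permissions a senior role acquires (hierarchical RBAC); <ssd> lists roles
# no single user may hold together (constrained RBAC).
POLICY_XML = """<?xml version="1.0"?>
<rbac>
  <roles>
    <role name="customer">
      <permission object="catalog" action="read"/>
      <permission object="order" action="create"/>
    </role>
    <role name="clerk" inherits="customer">
      <permission object="order" action="approve"/>
    </role>
    <role name="manager" inherits="clerk">
      <permission object="refund" action="issue"/>
    </role>
    <role name="auditor">
      <permission object="audit-log" action="read"/>
    </role>
  </roles>
  <constraints>
    <ssd roles="manager auditor"/>
  </constraints>
  <assignments>
    <user name="alice" roles="manager"/>
    <user name="bob" roles="auditor"/>
  </assignments>
</rbac>
"""

Permission = Tuple[str, str]  # (object, action)


class RbacPolicy:
    """Loads a policy document and answers authorization and review queries."""

    def __init__(self, xml_text: str) -> None:
        # ElementTree is fine for an administrator-controlled policy file;
        # parse policy from untrusted sources with defusedxml instead.
        root = ET.fromstring(xml_text)
        self.parents: Dict[str, Set[str]] = {}
        self.direct: Dict[str, Set[Permission]] = {}
        for role in root.iter("role"):
            name = role.get("name")
            if name is None or name in self.direct:
                raise ValueError("role without a name, or duplicate role")
            self.parents[name] = set(role.get("inherits", "").split())
            self.direct[name] = {
                (p.get("object"), p.get("action")) for p in role.findall("permission")
            }
        known = set(self.direct)
        for name, juniors in self.parents.items():
            if juniors - known:
                raise ValueError(f"role {name} inherits unknown role(s) {juniors - known}")
        self.ssd: List[Set[str]] = [set(c.get("roles", "").split()) for c in root.iter("ssd")]
        self.users: Dict[str, Set[str]] = {
            u.get("name"): set(u.get("roles", "").split()) for u in root.iter("user")
        }
        # Reject a policy that is internally inconsistent rather than
        # silently granting or dropping access at request time.
        for user, roles in self.users.items():
            if roles - known:
                raise ValueError(f"user {user} assigned unknown role(s) {roles - known}")
            if self.violates_ssd(roles):
                raise ValueError(f"user {user} violates separation of duty")

    def violates_ssd(self, roles: Set[str]) -> bool:
        """True if the role set contains two or more members of any SSD set."""
        return any(len(roles & s) > 1 for s in self.ssd)

    def effective_permissions(self, role: str) -> Set[Permission]:
        """Own permissions plus everything inherited, with a cycle guard."""
        perms: Set[Permission] = set()
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.direct.get(r, set())
            stack.extend(self.parents.get(r, set()))
        return perms

    def is_authorized(self, user: str, obj: str, action: str) -> bool:
        """Fail closed: an unknown user has no roles and gets nothing."""
        roles = self.users.get(user, set())
        return any((obj, action) in self.effective_permissions(r) for r in roles)

    def roles_with_permission(self, obj: str, action: str) -> Set[str]:
        """Permission-role review: which roles can perform this action?"""
        return {r for r in self.direct if (obj, action) in self.effective_permissions(r)}


if __name__ == "__main__":
    policy = RbacPolicy(POLICY_XML)
    print(policy.is_authorized("alice", "catalog", "read"))   # inherited via clerk -> customer
    print(policy.roles_with_permission("order", "approve"))
```

The constructor validates the whole document up front (unknown roles, duplicate roles, separation-of-duty violations) so that an administration error is caught when the policy is loaded, not when a request happens to exercise it; the per-request check only walks the role hierarchy and fails closed for unknown users.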


... Traditional security models, such as Access Control Lists (ACL) and Mandatory Access Control (MAC), are not designed for enforcing privacy policies. The proposed Object-Oriented Role-based Access Control model (ORBAC) [20, 21] for web-based applications also cannot be used to enforce privacy policies because it was not designed to model purpose, the key element in privacy policies. In the proposed ERBAC model shown in Figure 1, a mobile agent is a program that can exercise a user's or organization's authority, work autonomously toward a goal, and meet and interact with hosts. ...
Article
The increasing importance of the Internet has motivated the exploration of new execution models based on mobile and dynamic entities to overcome the limits of the client/server model traditionally used to develop Internet applications. In this research, an Enhanced Role-based Access Control model (ERBAC) and an architecture for the ERBAC model are proposed. The architecture, based on mobile agents, is a suitable approach to achieving both security interoperation and privacy protection in the Internet environment. The significance of this method is that mobile agents process information locally, reducing network traffic and latency. In addition, mobile agents make it feasible to automate security and privacy protection for Internet applications.
... Dawson et al. (15) provide minimal criteria that satisfy the protection requirements while maximizing information sharing. For Web-based applications which use the Web browser based thin-client architecture, XML based RBAC technology is also discussed in the literature (11,51). ...
Article
Information sharing is a key ingredient in any supply chain management (SCM) system and is critical for improving supply chain performance and enhancing the competitive advantage of an organization. However, many organizations are reluctant to share information with their supply chain partners because of lack of trust and the fear of information leakage and security breaches by malicious individuals or groups. Through an extensive literature review, this paper examines the possible security threats and attacks in an SCM system and identifies the key technologies supporting the security and privacy of information sharing in SCM, in the hope of facilitating organizations' willingness and capability to share information by recognizing and implementing effective security measures.
... Role Based Access Control (RBAC) [10] is a method for controlling access to computer components. The idea being that it is possible to associate permissions with roles, and these roles can then be associated with clients. ...
Conference Paper
Although e-commerce systems have progressed over the past few years, they lack important aspects such as building long-term and profitable relationships with customers and facilitating an environment that encourages buyers to buy more. The actual execution of e-commerce today is too different from its real-life counterpart, and for the most part it's a "Web page" with listing of items and prices. Providing an e-commerce system that brings on-line shopping closer to the actual experience that people have in a real life environment would bring the system closer to the concept of 'e-communities'. In privacy-preserved communities, the system adheres to basic user protection and privacy principles along existing legal norms. This paper presents a Kerberos-based protocol for controlling and accessing privacy-preserved information from networked applications. Our approach is novel in that it incorporates a number of legal privacy requirements into the technical design of the system itself. To our knowledge this work is the only e-commerce e-community based solution built specifically to meet the requirements of privacy legislation, and designed to be controlled by a third commonly trusted application.
Conference Paper
Recently, considerable attention has been given to the emerging cloud computing paradigm in distributed computing environments, where users access various services and shared resources hosted by service providers in order to complete their tasks successfully and efficiently. In this context, authentication and authorization functions must be enforced effectively to prevent unauthorized access to distributed system components. Hence, proper access control over distributed shared resources is of high significance for secure computing. In this paper, we analyze the distributed access control issue by considering the various mechanisms proposed by researchers in this area and discussing their merits and demerits. The issues and concerns in different contexts of distributed computing environments are highlighted. We propose an agent-based approach to distributed access control in cloud environments for mediating the access requests of cloud consumers, considering the present-day requirements of the cloud computing paradigm. We also give a workflow model for the proposed agent-based approach. A few open issues in the area of distributed access control are also discussed.
Conference Paper
Security is a requisite and vital concern that should be addressed in e-commerce systems. Traditionally, to add security properties to an application, developers had to specify manually when, where and how to apply which security policies. Such a process is often complicated and error-prone. This paper describes an aspect-oriented approach to separating security and application concerns at the architecture level. In the approach, security and application concerns are specified separately, in security aspect models and a base model. By specifying the crosscutting relationship between them, the two kinds of models are combined through weaving. The weaving is based on process algebras and is automatic. Separating security aspects at an early stage of software development can improve the maintainability and traceability of the system.
Article
Secure information sharing is one of the key factors for the success of a virtual enterprise (VE). The study identifies the characteristics of a VE and analyzes the requirements of VE access control. A Virtual Enterprise Access Control (VEAC) model is proposed to handle resource management and sharing across each participating enterprise; it consists of a Project-based Access Control (PBAC) sub-model to manage public resources and a Role-based Access Control (RBAC) sub-model to manage private resources. The architecture of a VEAC model-based system is developed and consists of three core mechanisms: the Virtual Enterprise Access Control Center (VEACC), the Security Gatekeeper (SG) and the Global Certificate Authority Center (GCAC). Based on the system architecture, the study proposes certificate authentication, user authority and access control approaches to identify a user's identity on-line, update and search user authority lists, and access private and public resources. The results of this study will facilitate more secure resource sharing and overcome the cooperation barrier caused by lack of trust among participating enterprises in a VE.
Conference Paper
We present a Secure E-commerce Protection Profile (SEPP) that captures security requirements for securing sessions in the e-commerce operational environment. The SEPP is prepared in accordance with the Common Criteria (CC), Version 2.1, as specified by the ISO 15408 standard. The SEPP states the requirements that sessions must satisfy in order to respond to the needs of e-commerce. The Target of Evaluation (TOE) security environment, which is composed of threat agents, vulnerabilities, attacks and threats, is described in detail. It is followed by describing the administrative security policies that are necessary to safeguard the TOE or its operating environment. The risks to the TOE are identified. The security objectives for the TOE are stated.
Conference Paper
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capability called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features, constraints and symmetry, is also presented. The paper furthermore identifies important attributes of RBAC not included in the NIST model. Some are not suitable for inclusion in a consensus document. Others require further work and agreement before standardization is feasible.
Article
The Lightweight Directory Access Protocol (LDAP) is the Internet standard way of accessing directory services that conform to the X.500 data model. It is very widely supported by all the leading software vendors and is part of Windows 2000 Active Directory. There are two versions: LDAPv2, the original lightweight variation of the X.500 Directory Access Protocol (DAP), and LDAPv3, the heavyweight version. While DAP was designed from its inception to support public-key infrastructures (PKIs), being part of the same X.500 family of standards as X.509, LDAP was not designed with this support in mind. LDAP has, however, become the predominant protocol in support of PKIs accessing directory services for...
Conference Paper
We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Existing systems that support security in networked applications, including X.509 and PGP, address only narrow subsets of the overall trust management problem and often do so in a manner that is appropriate to only one application. This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships. It also describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.
Article
Applications that involve the electronic transfer of credentials, value tokens, profiles, and other sensitive information are quickly gaining momentum. Traditional attempts to introduce electronic authentication, such as PKI and biometric verification, expose organizations to potentially unlimited liability, lead to consumer fear, and stifle the adoption of new systems. To overcome these barriers, innovative solutions are needed that address the entire spectrum of security and privacy interests for all parties involved. This paper is a technical overview of Digital Credentials. Digital Credentials are the digital equivalent of paper documents, plastic tokens, and other tangible objects issued by trusted parties. At the same time, they are much more powerful than their physical counterparts. For example, individuals can selectively disclose properties of the data fields in their Digital Credentials while hiding any other information. Digital Credentials also provide much greater security. As a result, they can be used to securely implement objects that traditionally are made identifiable in order to deal with certain kinds of fraud. Examples are diplomas, work permits, access cards, and drivers' licenses.
Article
Current approaches to access control on Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies. We describe the technologies we use to implement RBAC on the Web in the different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.
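The user-pull and server-pull architectures differ in who carries the role information to the Web server. The following added example, which is not code from the cited article, reduces both to their authorization step: in user-pull the client presents its roles in a cookie, so the cookie must be integrity-protected (here with an HMAC, checked before the payload is parsed) or the client can simply edit its own roles; in server-pull the server looks the roles up itself, and the client never sees them. The key, the directory contents, the cookie layout and the TTL are assumptions made for this demonstration.

```python
"""Added example, not code from the cited article: user-pull versus
server-pull RBAC on the Web, reduced to the authorization step.
The key, directory, cookie layout and TTL are assumptions for this demo."""
import base64
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Assumption: secret shared by the role server that issues cookies and the
# web servers that verify them. A real deployment loads it from a key store.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed stand-in for the LDAP directory a server-pull deployment queries.
ROLE_DIRECTORY: Dict[str, List[str]] = {"alice": ["manager"], "bob": ["auditor"]}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_role_cookie(user: str, roles: List[str], key: bytes, ttl: int, now: int) -> str:
    """User-pull: the role server binds user, roles and expiry under an HMAC,
    so the browser can carry the cookie but cannot change it."""
    payload = json.dumps({"sub": user, "roles": sorted(roles), "exp": now + ttl},
                         separators=(",", ":"), sort_keys=True).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)


def verify_role_cookie(cookie: str, key: bytes, now: int) -> Optional[dict]:
    """Return the claims if MAC and expiry check out, else None (fail closed).
    The MAC is compared in constant time before the payload is parsed."""
    try:
        payload_b64, mac_b64 = cookie.split(".")
        payload, mac = _unb64(payload_b64), _unb64(mac_b64)
    except ValueError:  # wrong number of parts, or bad base64 (binascii.Error)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(payload)
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def user_pull_authorize(cookie: str, required_role: str, key: bytes, now: int) -> bool:
    """Web server side of user-pull: trust the cookie only after verification."""
    claims = verify_role_cookie(cookie, key, now)
    return claims is not None and required_role in claims.get("roles", [])


def server_pull_authorize(user: str, required_role: str) -> bool:
    """Server-pull: the web server asks the directory itself; the client
    supplies only an authenticated identity, never its own roles."""
    return required_role in ROLE_DIRECTORY.get(user, [])


def forge_roles(cookie: str, new_roles: List[str]) -> str:
    """What a tampering client can do: rewrite the role list and keep the
    old MAC. A correct verifier must reject the result."""
    payload_b64, mac_b64 = cookie.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["roles"] = new_roles
    return _b64(json.dumps(claims).encode()) + "." + mac_b64


if __name__ == "__main__":
    now = 1_700_000_000
    cookie = issue_role_cookie("alice", ["manager"], SERVER_KEY, 600, now)
    print(user_pull_authorize(cookie, "manager", SERVER_KEY, now + 10))
    forged = forge_roles(cookie, ["manager", "auditor"])
    print(user_pull_authorize(forged, "auditor", SERVER_KEY, now + 10))
    print(server_pull_authorize("bob", "manager"))
```

The tradeoff the article compares shows up directly: user-pull costs the server only an HMAC per request but requires key management across servers, an expiry, and transport protection for the cookie (SSL with the Secure and HttpOnly attributes), whereas server-pull needs no client-side trust at all but pays a directory round trip on every request. An X.509 attribute certificate can carry roles in place of the cookie in user-pull; the verification step is then a signature check instead of an HMAC.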
Article
Digital signatures provide a mechanism for guaranteeing the integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, certification authorities, trust delegation, or anything else. In this paper, we flesh out the need for trust management in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE.
Article
Often an information source on the Web would like to provide different classes of service to different clients. In the autonomous, highly distributed world of the Web, the traditional approach of using authentication to differentiate between classes of clients is no longer sufficient, as knowledge of a client's identity will often not suffice to determine whether a client is authorized to use a service. Our goal in this research project is to explore the use of digital credentials, digital analogues of the paper credentials we carry in our wallets today, to help solve this problem. In this paper we describe the major features required of a Web environment deploying digital credentials, including the introduction of security assistants for both clients and servers, and report on the status of our investigation into a credential-based environment.
Article
Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ensure that only authorized users were given access to certain data or resources. One kind of access control that emerged is role-based access control (RBAC). A role is chiefly a semantic construct forming the basis of access control policy. With RBAC, system administrators create roles according to the job functions performed in a company or organization, grant permissions (access authorization) to those roles, and then assign users to the roles on the basis of their specific job responsibilities and qualifications. A role can represent specific task competency, such as that of a physician or a pharmacist. Or it can embody the authority and responsibility of, say, a project supervisor. Roles define both the specific individuals allowed to access resources and the extent to which resources are accessed. For example, an operator role might access all computer resources but not change access permissions; a security officer role might change permissions but have no access to resources; and an auditor role might access only audit trails. Roles are used for system administration in such network operating systems as Novell's NetWare and Microsoft's Windows NT. This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models the authors have developed to better understand RBAC and categorize different implementations, and discusses the use of RBAC to manage itself. The authors' framework separates the administration of RBAC from its access control functions.
Kristol, D. M. and Montulli, L. HTTP state management mechanism. draft-ietf-http-state-man-mec.txt, 1999.

Proceedings of the IEEE International Conference on E-Commerce (CEC'03) 0-7695-1969-5/03 $17.00 © 2003 IEEE