X-FEDERATE: A Policy Engineering Framework for Federated Access Management
May 2006 (vol. 32 no. 5)
pp. 330-346
Policy-Based Management (PBM) has been considered as a promising approach for design and enforcement of access management policies for distributed systems. The increasing shift toward federated information sharing in the organizational landscape, however, calls for revisiting current PBM approaches to satisfy the unique security requirements of the federated paradigm. This presents a twofold challenge for the design of a PBM approach, where, on the one hand, the policy must incorporate the access management needs of the individual systems, while, on the other hand, the policies across multiple systems must be designed in such a manner that they can be uniformly developed, deployed, and integrated within the federated system. In this paper, we analyze the impact of security management challenges on policy design and formulate a policy engineering methodology based on principles of software engineering to develop a PBM solution for federated systems. We present X-FEDERATE, a policy engineering framework for federated access management using an extension of the well-known Role-Based Access Control (RBAC) model. Our framework consists of an XML-based policy specification language, its UML-based meta-model, and an enforcement architecture. We provide a comparison of our framework with related approaches and highlight its significance for federated access management. The paper also presents a federation protocol and discusses a prototype of our framework that implements the protocol in a federated digital library environment.

Index Terms:
Federated systems, software engineering, security management, role-based access control.
Citation:
Rafae Bhatti, Elisa Bertino, Arif Ghafoor, "X-FEDERATE: A Policy Engineering Framework for Federated Access Management," IEEE Transactions on Software Engineering, vol. 32, no. 5, pp. 330-346, May 2006, doi:10.1109/TSE.2006.49