Decentralised Privilege Management for Access Control
Abstract: The Internet and the more recent technologies such as web services, grid computing, utility computing and peer-to-peer computing have created possibilities for very dynamic collaborations and business transactions where information and computational resources may be accessed and shared among autonomous and administratively independent organisations. In these types of collaborations, there is no single authority who can define access policies for all the shared resources. More sophisticated mechanisms are needed to enable flexible administration and enforcement of access policies. The challenge is to develop mechanisms that preserve a high level of control on the administration and the enforcement of policies, whilst supporting the required administrative flexibility. We introduce two new frameworks to address this issue. In the first part of the thesis we develop a formal framework and an associated calculus for delegation of administrative authority, within and across organisational boundaries, with possibilities to define various restrictions on their propagation and revocation. The extended version of the framework allows reasoning with named groups of users, objects, and actions, and a specific subsumes relation between these groups. We also extend current discretionary access control models with the concept of ability, as a way of specifying when a user is able to perform an action even though not permitted to do so. This feature allows us to model detective access control (unauthorised accesses are logged for post-validation resulting in recovery and/or punitive actions) in addition to traditional preventative access control (providing mechanisms that guarantee no unauthorised access can take place). Detective access control is useful when prevention is either physically or economically impossible, or simply undesirable for one reason or another. 
In the second part of the thesis, we develop a formal framework for contractual-based access control to shared resources among independent organisations. We introduce the notion of entitlement in the context of access control models as an access permission supported by an obligation agreed in a contract between the access requester and the resource provider. The framework allows us to represent the obligations in a contract in a structured way and to reason about their fulfilments and violations.
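As an added illustration of the first framework described above (example code written for this page, not the thesis's calculus or any code from it): a small Python model in which administrative authority is delegated with a bound on how far it may propagate, revocation cascades along the delegation chain, and a user who is able but not permitted to act is logged rather than blocked (detective control). The class and field names, the users and the right string are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    grantee: str
    right: str
    depth: int     # further re-delegation steps still allowed (0 = use only)
    chain: tuple   # delegation path ending at grantee, resource owner first

class DelegationGraph:
    def __init__(self, owner, right, max_depth):
        self.grants = {Grant(owner, right, max_depth, (owner,))}
        self.able = set()    # (user, right) pairs the user can physically perform
        self.audit = []      # detective log of unauthorised-but-able accesses

    def _grant_of(self, user, right):
        held = (g for g in self.grants if g.grantee == user and g.right == right)
        return max(held, key=lambda g: g.depth, default=None)
    def permitted(self, user, right):
        return self._grant_of(user, right) is not None

    def delegate(self, grantor, grantee, right):
        g = self._grant_of(grantor, right)
        if g is None or g.depth == 0:
            return False     # propagation restriction: nothing left to pass on
        self.grants.add(Grant(grantee, right, g.depth - 1, g.chain + (grantee,)))
        return True

    def revoke(self, grantor, grantee, right):
        # Cascading revocation: drop every grant whose path runs over grantor->grantee.
        self.grants = {g for g in self.grants if not (
            g.right == right and (grantor, grantee) in zip(g.chain, g.chain[1:]))}

    def access(self, user, right):
        if self.permitted(user, right):
            return "granted"                   # preventative control passes
        if (user, right) in self.able:
            self.audit.append((user, right))   # detective control: allowed but logged
            return "logged"
        return "denied"

def demo():
    g = DelegationGraph("alice", "admin:projectX", max_depth=2)
    assert g.delegate("alice", "bob", "admin:projectX")       # bob: depth 1 left
    assert g.delegate("bob", "carol", "admin:projectX")       # carol: depth 0
    assert not g.delegate("carol", "dave", "admin:projectX")  # propagation bound hit
    g.able.add(("dave", "admin:projectX"))                    # able, not permitted
    outcome = g.access("dave", "admin:projectX")
    g.revoke("alice", "bob", "admin:projectX")                # cascades to carol
    return outcome, g.permitted("carol", "admin:projectX"), len(g.audit)
```

A grant obtained independently of the revoked edge (for example directly from the owner) survives a cascade, since only paths that run over the revoked grantor-to-grantee step are removed.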