Policy reconciliation for access control in dynamic cross-enterprise collaborations |
| |
| Authors: | D Preuveneers W Joosen E Ilie-Zudor |
| |
| Institution: | 1. imec-DistriNet, Department of Computer Science, KU Leuven, Heverlee, Belgium;2. Research Laboratory of Engineering and Management Intelligence, MTA SZTAKI, Budapest, Hungary |
| |
| Abstract: | In dynamic cross-enterprise collaborations, different enterprises form a – possibly temporary – business relationship. To integrate their business processes, enterprises may need to grant each other limited access to their information systems. Authentication and authorization are key to secure information handling. However, access control policies often rely on non-standardized attributes to describe the roles and permissions of their employees which convolutes cross-organizational authorization when business relationships evolve quickly. Our framework addresses the managerial overhead of continuous updates to access control policies for enterprise information systems to accommodate disparate attribute usage. By inferring attribute relationships, our framework facilitates attribute and policy reconciliation, and automatically aligns dynamic entitlements during the evaluation of authorization decisions. We validate our framework with a Industry 4.0 motivating scenario on networked production where such dynamic cross-enterprise collaborations are quintessential. The evaluation reveals the capabilities and performance of our framework, and illustrates the feasibility of liberating the security administrator from manually provisioning and aligning attributes, and verifying the consistency of access control policies for cross-enterprise collaborations. |
| |
| Keywords: | Security policy-based access control dynamic cross-enterprise collaboration authorization enterprise computing tools |
|
|
