CAREER: A Trust-based Access Control Management Framework for Secure Information Sharing and Multimedia Workflows in Heterogeneous Environments

Grant

NSF-CAREER Award IIS-0545912

 

Project Duration

Jan 1, 2006 -  Dec 31, 2010

 

Project Total Amount

$416,419

 

Principal Investigator

James B. D. Joshi

Assistant Professor

School of Information Sciences, University of Pittsburgh

 

Project Abstract

The goal of this research is to address the complex security, privacy and digital rights management issues related to the emerging multidomain application (EMA) environments, which are characterized by the convergence of emerging grid, P2P and mobile environments with multimedia and workflow technologies. Such EMA environments show huge potential for efficiently automating workflow processes across heterogeneous administrative domains, and for facilitating unprecedented levels of system interactions and information and resource sharing. In particular, the project takes a holistic approach to synthesizing a solution that combines (i) a comprehensive trust-based, adaptive, content and context based access control and secure interoperation framework to facilitate the interaction of constituent domains in an EMA environment, and (ii) a comprehensive framework for addressing the privacy and digital rights management issues related to sharing of multimedia data and workflows. The research will produce required theory, efficient algorithms, specification languages, negotiation protocols, and analysis and administration tools founded on sound design principles and usability considerations which will be validated in a prototype EMA environment. The results are expected to have direct and long-term impact on developing secure data and resource intensive heterogeneous application environments, and will contribute significantly to current efforts related to the protection of complex systems and infrastructures such as the national and global information grid. The research results will be incorporated into the security curriculum of the University of Pittsburgh, which has been designated a national center of academic excellence in information assurance education, and disseminated through publication venues and the project website (http://www.sis.pitt.edu/~jjoshi/nsfcareer/).


Acknowledgement: All the publications listed here are based upon work supported by the National Science Foundation under this grant (Grant No.  IIS-0545912).

Disclaimer: Any opinions, findings, and conclusions or recommendations expressed in the materials listed here are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

 

People Involved

PhD Students

| My Advisees | Program | Published | Area |
| --- | --- | --- | --- |
| Saman Taghavi | PhD, TEL | (new) | (Network + Grid) Security |
| Xulian Long | PhD, TEL | (new) | IP Multimedia Subsystem + Access Control and Authentication in Mobile Environment |
| Hassan Takabi | PhD, IS | (new) | Role Mining + Policy Engineering |
| Yue Zhang | PhD, IS/CS | 3 Book Chapters + 4 Journals + 5 Conference | Multidomain Security, Grid security |
| Amirreza Masoumzadeh | PhD, IS | 1 Journal + 2 Conference | Security/Privacy |
| Saubhagya Ram Joshi | PhD, IS | 3 Chapters | Workflow Security |
| Others (did/doing research with me) | | | |
| Siqing Du (graduated) | PhD, IS | 1 Conference + 1 Chapter | Multidomain Security |
| Korporn Panyim | PhD, TEL | 1 Paper | Trust Management |
| Carlos E. C. Bastidas | PhD, TEL | 1 Journal Article / 1 Paper | Access Control/Trust in IPv6/mobile IPv6 Security |
| Masters Students | | | |
| Current | | | |
| Emily Ecoff (NSF-SFS student) | MS-IS | In progress | Digital Rights Management; Interdomain Access/Authentication in Mobile Env |
| Past | | | |
| Craig Schenkler (Graduated) | MS-IS | First LoTRBAC implementation | Prototype Implementation for LoT-RBAC |
| Summit Tuladhar (Graduated) | MS-TEL | MS Thesis; 1 Journal Article, 1 Conference paper | Interdomain Authentication/Access in Mobile Environment |
| Raymond Murthi | MS, IS | GTRBAC implementation (partial) | GTRBAC Extension (Implementation) |
| Suronapee Phoomvuthisarn | MS, IS | 1 Conference | Trust Management (Implementation) |

Publications

Book Chapters

2006
  1. James B. D. Joshi, Siqing Du, Saubhagya R. Joshi, “A Trust Based Access Control Management Framework for a Secure Grid  Environment” in Book titled "Security in Distributed, Grid, and Pervasive Computing", Edited by  Prof. Yang Xiao, to be published by Auerbach Publications, CRC Press 2006.

  2. James B. D. Joshi, S. R. Joshi, and S. M. Chandran, "Information Security Issues and Challenges," in Encyclopedia of Digital Government, (Editors Ari-Veikko Anttiroiko, Matti Malkia), 2006.

  3. James B. D. Joshi, S. R. Joshi, and S. M. Chandran, "Identity Management and Privacy Issues," in Encyclopedia of Digital Government, (Editors Ari-Veikko Anttiroiko, Matti Malkia), 2006.

  4. James B. D. Joshi, S. M. Chandran, A. Ghafoor, and W. G. Aref, "Survivability Issues and Challenges," in Encyclopedia of Digital Government, (Editors Ari-Veikko Anttiroiko, Matti Malkia), 2006.

2007/2008

  1. James B D Joshi, Yue Zhang “Access Control and Trust Management for Emerging Multidomain Environments,” in Annals of Emerging Research in Information Assurance, Security and Privacy Services, Editors: S. Upadhyaya, R. O. Rao (in progress; invited)

  2. James B D Joshi, Yue Zhang, “Temporal Access Control,” Encyclopedia of Database Systems, Editors-in-Chief: Ling Liu, M. Tamer Özsu, Springer – in progress, (Invited).

  3. James B D Joshi, Yue Zhang, “Role based Access Control”, Encyclopedia of Database Systems, Editors-in-Chief: Ling Liu, M. Tamer Özsu Springer – in progress, (Invited).

  4. James B. D. Joshi, Mei-Ling Shyu, Shu-Ching Chen, Walid Aref, Arif Ghafoor, "A Multimedia-Based Threat Management and Information Security Framework," in Multimedia Technologies: Concepts, Methodologies, Tools, and Applications (3 Volumes) Edited By: Mahbubur Rahman Syed, Minnesota State University, Mankato, USA, June, 2008

Journals
  1. James B.D. Joshi, Elisa Bertino, Arif Ghafoor and Yue Zhang, “Formal Foundations for hybrid hierarchies in GTRBAC”, ACM Transactions on Information and System Security (TISSEC), Vol. 10, No. 4, Jan, 2008, pp. 1-39.

  2. Yue Zhang and James B.D. Joshi, "SARBAC-HH: A Scoped Administration Model for RBAC with Hybrid Hierarchy", Journal of Information Assurance and Security, Vol 3, No. 2, Jun 2008, pp. 128-139.

  3. Carlos E. Caicedo, James Joshi, Summit Tuladhar, “IPv6 Security Challenges,” IEEE Computer (Accepted for publication).

Submitted/Being Submitted

  1. James B.D. Joshi, Elisa Bertino, and Yue Zhang, “Constraints in the Generalized Temporal RBAC Model”, (IEEE TDSC)

  2. Yue Zhang, Amirreza Masoumzadeh and James B.D.Joshi, “LoT-RBAC: A Temporal Location Role Based Access Control Model”, (Journal of Location Based Services)

  3. Yue Zhang and James B.D. Joshi, “A Time-based Secure Interoperation and Authorization Model in Loosely-Coupled Multi-domain environment employing GTRBAC”, being submitted (venue TBD)

  4. Amirreza Masoumzadeh and James B.D. Joshi, "A Complete Role Delegation Model with Hybrid Hierarchy and SoD Constraints," (venue TBD)

  5. Amirreza Masoumzadeh and James B.D.Joshi, "Access Control and Privacy in Social Networks," (Target: IEEE Computer or IEEE Internet Computing)

  6. Emily Ecoff, James Joshi, "Digital Rights Management," (Target: IEEE Computer)

  7. Paper on RBAC for Multiagent based Pervasive Environment (Target: TBD).
     

Conference/Workshops

2006

  1. Michael Chuang; Suronapee Phoomvuthisarn; James B. D. Joshi, "An Integrated Framework for Trust-Based Access Control in Open Environments," The Second International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom-2006), Nov 16-19, 2006.

  2. Siqing Du, James B. D. Joshi, “Supporting Authorization Query and Inter-domain Role Mapping in Presence of Hybrid Role Hierarchy,” The 11th ACM Symposium on Access Control Models and Technologies, USA, June 2006.

  3. James B. D. Joshi, Elisa Bertino, “Fine-grained Role-based Delegation in Presence of Hybrid Role Hierarchy,” The 11th ACM Symposium on Access Control Models and Technologies, USA, June 2006.

  4. Suroop M Chandran, Korporn Panyim, James B. D. Joshi, “A Requirements-Driven Trust Framework for Secure Interoperation in Open Environments", The Fourth International Conference on Trust Management, (iTrust-06), May 16-19, Italy, 2006.

2007

  1. Yue Zhang and James B.D. Joshi, “A Request-Driven Secure Interoperation Framework in Loosely-Coupled Multi-domain Environment Employing RBAC Policies”, TrustCol’ 2007, White Plains, New York

  2. Yue Zhang and James B.D. Joshi, “SARBAC07: A Scoped Administration Model for RBAC with Hybrid Hierarchy”, IAS’ 2007, Manchester, UK

  3. Yue Zhang and James B.D. Joshi, “ARBAC07: A Role-Based Administration Model for RBAC with Hybrid Hierarchy”, IRI’ 2007, Las Vegas, NV

2008

  1. Amirreza Masoumzadeh and James B. D. Joshi, "PuRBAC: Purpose-aware role-based access control," in Proc. 3rd Int'l Symposium on Information Security, Lecture Notes in Computer Science, Springer, Nov. 10-11 2008.

  2. Yue Zhang and James B.D. Joshi, “A Framework for User Authorization Query Processing in RBAC extended with Hybrid Hierarchy and Constraints”, ACM symposium on access control models and technologies (SACMAT), Jun. 2008, Estes Park, CO.

  3. Yue Zhang and James B.D. Joshi, "Temporal UAS: Supporting Efficient RBAC Authorization in Presence of the Temporal Role Hierarchy", IEEE/IFIP International Symposium on Trust, Security and Privacy for Pervasive Applications (TSP-08), Dec. 2008, Shanghai, China

  4. Summit R. Tuladhar, Carlos E. Caicedo, James B. D. Joshi, “Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks,” IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, June 11-13, 2008 Taichung, Taiwan.

  5. Carlos E. Caicedo, James B. D. Joshi, “Security Issues in IPv6,” ITERA-08, March 27-29, 2008 (Rich Thompson, in his report, says: “I think this was the best paper at the conference”).

  6. Youna Jung, Amirreza Masoumzadeh, James B.D. Joshi, Minkoo Kim, "RiBAC: Role Interaction based Access Control Model for Community Computing", The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom2008), Nov. 13-16, 2008, Orlando, FL, USA.

  7. Minsoo Kim, James B.D. Joshi, Minkoo Kim, "Access Control for Cooperation Systems based on Group Situation", The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom2008), Nov. 13-16, 2008, Orlando, FL, USA.

(Submitted)

  1. Yue Zhang and James B.D. Joshi, “Centralized vs. Decentralized: A Formal Analysis of the Secure Interoperation Approaches in Multi-domain Environments”, Submitted to S&P’09.

(In Progress - to be submitted to conferences such as SACMAT08)

  • Paper on Multimedia Workflow Security

  • Paper on Access Path determination in Distributed system

  • Paper on Authentication and Authorization in Mobile Environments.

  • Paper on Policy Engineering / Role mining

  • Paper on Privacy Aware Access Control for Social Networks

 

Implementation Activities (Software + Testbed)

  1. A beta version of the GTRBAC implementation is being made available after Dec 30, 2008.

  2. Prototype implementation of LoT-RBAC and its XML specification language is being finalized.

  3. The implementation of the SARBAC-HH model is being integrated into the GTRBAC system.

Activities related to Integration with Education/Training

Year 1: (2006)

  1. Implementation work (GTRBAC + Trust) for MS students

  2. Integrated in Security Management course 2006 (Trust Negotiation + GTRBAC and area related papers)

  3. Doctoral Seminar in Information Assurance (2005-2006)

Year 2: (2007)

  1. Project on prototype development for a secure mobile application to test LoTRBAC - in Developing Secure Systems course.

  2. Wider coverage of RBAC and Access Control models in Introduction to Security Course (Fall 2007)

  3. Mobile Testbed Set up and project on Interdomain Mobility

Year 3: (2008)

  1. Group project for 3 students enrolled in my "Introduction to Security Course" in Fall, 2008  - Implementation of the SARBAC-HH model (Published in Journal of Information Assurance and Security - see above)

  2. Class project for one student in the same course - implementation of LoTRBAC by extending the GTRBAC model. The implementation is being tested so that it can be made available through the GTRBAC site.

Activities related to Dissemination of Results

Year 1: (2006)

  1. Organized TrustCol-2006

Year 2: (2007)

  1. Organized TrustCol-2007

  2. Invited Lecture/Presentation in University of Florida, Gainesville

  3. Invited Lecture/Presentation in Florida International University, Miami

  4. Invited Lecture/Presentation in University of North Carolina, Charlotte

Year 2: (2007)

  1. As a PC Co-chair of CollaborateCom2008 - actively emphasized the area of collaborative access control and presented two papers there.

  2. As PC Chair of SACMAT2009 - working towards further dissemination and support of the project related issues.