Role-based integrated access control and data provenance for SOA based net-centric systems

5 Author(s)
Wei She ; Dept. of Comput. Sci., Univ. of Texas at Dallas, Dallas, TX, USA ; I-Ling Yen ; Bastani, F. ; Bao Tran

Service-oriented architecture (SOA) has been widely adopted in the development of many net-centric application systems. In SOA, services potentially from different domains are composed together to accomplish critical tasks. In these systems, security and trustworthiness are the major concerns that have not been well addressed. Many access control models have been developed to ensure proper accesses to critical resources from local as well as external domains. Also, many data provenance schemes have been proposed in recent years to support data quality assessment and enhancement, data reproduction, etc. However, none of the existing mechanisms consider both access control and data provenance in a unified model. In this paper, we propose an integrated role-based access control and data provenance model to secure the cross-domain interactions. We develop a role-based data provenance scheme which tracks the roles of the data originators and contributors and uses this information to help evaluate data trustworthiness. We also make use of the data provenance information and the derived data quality attributes to assist with role-based access control. In this integrated model, the secure usage of a data resource must also consider the quality and trustworthiness of the data. To realize this concept, we develop an extended access control model in which access permissions are specified with constraints over the provenance attributes. Also, to assure confidentiality, we record the access constraints from the data originators and contributors to help decide how the data should be further disseminated.

Published in:

Service Oriented System Engineering (SOSE), 2011 IEEE 6th International Symposium on

Date of Conference:

12-14 Dec. 2011