|
Scalable Access Controls for Lineage
May 2009
Arnon Rosenthal, The MITRE Corporation
Len Seligman, The MITRE Corporation
Adriane Chapman, The MITRE Corporation
Barbara Blaustein, The MITRE Corporation
ABSTRACT
Lineage stores often contain sensitive information that needs protection from unauthorized access. We build on prior work for security and privacy of lineage information, focusing on complex conditions and scalable administration. We use Attribute-Based Access Control (ABAC) to express conditions based on many attributes, instead of roles. We then make administration and management more scalable, instead of managing large, monolithic access predicates for each object. To do so, we first support modular traceability and maintainability for separate concerns (e.g. security, legally mandated privacy, organizationally mandated privacy). We then provide constructs to manage authority when multiple administrators must collaborate. We show that these security techniques are needed for easy lineage security administration.
» Download Paper [PDF, 911KB]
Additional Search Keywords
n/a
|
