Access Control in Collaborative Systems

WILLIAM TOLONE, GAIL-JOON AHN, AND TANUSREE PAI
University of North Carolina at Charlotte
AND
SENG-PHIL HONG
Information and Communications University

Balancing the competing goals of collaboration and security is a difficult, multidimensional problem. Collaborative systems often focus on building useful connections among people, tools, and information while security seeks to ensure the availability, confidentiality, and integrity of these same elements. In this article, we focus on one important dimension of this problem—access control. The article examines existing access control models as applied to collaboration, highlighting not only the benefits, but also the weaknesses of these models.

Categories and Subject Descriptors: K.6.5 [Management of Computing and Information System]: Security and Protection
General Terms: Management, Security
Additional Key Words and Phrases: Access control, collaboration, security models

The work of Gail-J. Ahn was partially supported by the grants from National Science Foundation (NSF-IIS-0242393) and Department of Energy Early Career Principal Investigator Award (DE-FG02-03ER25565).
Authors’ address: Department of Software and Information Systems, College of Information Technology, University of North Carolina at Charlotte, 9201 University City Blvd., Charlotte, NC 28223-0001; email: {wjtolone,gahn,tpai}@uncc.edu; url: www.sis.uncc.edu/LIISP; S.-P. Hong, Information and Communications University, Taejon, Korea; email: [email protected]
Corresponding author: Dr. Gail-J. Ahn, [email protected]
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or direct commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept., ACM, Inc., 1515 Broadway, New York, NY 10036 USA, fax: +1 (212) 869-0481, or [email protected]
© 2005 ACM 0360-0300/05/0300-0029 $5.00
ACM Computing Surveys, Vol. 37, No. 1, March 2005, pp. 29–41.

1. INTRODUCTION

Collaborative systems, groupware, or multi-user applications allow groups of users to communicate and cooperate on common tasks. Example systems include a wide range of applications such as audio/video conferencing, collaborative document sharing/editing, distance learning, workflow management systems, and so on. All of these systems contain information and resources with different degrees of sensitivity. The applications deployed in such systems create, manipulate, and provide access to a variety of protected information and resources.

Balancing the competing goals of collaboration and security is difficult because interaction in collaborative systems is targeted towards making people, information, and resources available to all who need it, whereas information security seeks to ensure the availability, confidentiality, and integrity of these elements while providing it only to those with proper authorization.
Protection of contextual information and resources in such systems therefore entails addressing several requirements not raised by traditional single-user environments, due in part to the unpredictability of users and the unexpected manners in which users and applications interact in collaborative sessions.

Among the several areas of security under consideration for collaborative environments, authorization or access control is particularly important because such systems may offer open access to local desktops or networked resources; for example, H.323 and T.120 conferencing tools need to support text-based chat, audio/videoconferencing, shared whiteboard, and application and screen sharing. Users need a mechanism not only for identifying collaborators through proper authentication, but to manage which files, applications, portions of a system, and so forth they can access during a collaboration session. In this article, we provide a comprehensive study of authorization mechanisms for collaborative environments examining both the merits and weaknesses of each approach. Based on this study, we outline best practices in access control, while addressing the unique authorization requirements for collaboration.

The rest of this article is organized as follows. Section 2 discusses access control requirements for collaboration as documented from existing research. Section 3 examines existing access control models as applied to existing collaborative environments in light of these requirements, highlighting not only the benefits, but, more importantly, the weaknesses of these models. In section 4, we assess these models based on criteria drawn from our study. Section 5 discusses lessons learned from our experiment and concludes the article.

2. ACCESS CONTROL REQUIREMENTS FOR COLLABORATION

Access control models are used to decide on the ways in which the availability of resources in a system is managed and collective decisions of the nature of the environment are expressed.
Several groups [Edwards 1996; Jaeger and Prakash 1996; Ferraiolo and Barkley 1997; Bullock 1998] have studied the requirements for access control in collaborative environments. We summarize these requirements as follows.

—Access control must be applied and enforced at a distributed platform level.
—Access control models should be generic and enable access rights to be configured to meet the needs of a wide variety of cooperative tasks and enterprise models. That is, such models should be expressive enough to specify access rights efficiently based on varied information (e.g., roles, context).
—Access control for collaboration requires greater scalability in terms of the quantity of operations than traditional single user models because the number of shared operations is much richer in collaborative environments compared to traditional single user systems.
—Access control models must be able to protect information and resources of any type and at varying levels of granularity. That is, they must have the ability to provide strong protection for shared environments and objects of various types as well as allow fine-grained