Secure collaboration in mediator-free environments

Mohamed Shehab, Purdue University

Abstract

The internet and related technologies have made multidomain collaborations a reality. Collaboration enables domains to effectively share resources; however, it introduces several security challenges. Managing security in the absence of a central mediator is even more challenging. In this dissertation, we propose a distributed secure interoperability framework for mediator-free collaboration environments. We introduce the idea of secure access paths that enable domains to make localized access control decisions without having a global view of the collaboration. We also present a path authentication technique for proving path authenticity. We present an on-demand path discovery algorithm that enables domains to securely discover paths in the collaboration environment. Collaboration challenges are exacerbated when multiple domains are involved in the execution of a workflow of tasks. In such a case, acquiring and managing authorizations to enable the execution of the workflow tasks is a challenging problem. We propose a distributed workflow authorization model with no central WFMS for a mediator-free environment. We provide an on-demand task discovery protocol and define an extended model for workflow authorization constraints. Furthermore, we formulate several workflow authorization problems with different objectives and provide integer problems to solve such problems. To show the applicability of our proposed framework, we use current web service standards such as SOAP and UDDI to enable secure interoperability in a service-oriented environment. We propose a multihop SOAP messaging protocol that enables domains to discover secure access paths to access roles in different domains. Then we present a path authentication mechanism based on the encapsulation of SOAP messages and the SOAP-DSIG standard. Furthermore, we provide a service discovery protocol that enables domains to discover service descriptions stored in private UDDI registries.
Finally, we propose a proactive path discovery protocol that enables the discovery of secure and minimal-length access paths to reachable roles in other domains. We prove the minimal and secure properties of our protocol. Then, we describe and verify a hierarchical role numbering scheme that allows the discovery of the reachable internal roles of other domains. Finally, we present experimental studies for all the proposed algorithms using both simulation and real implementations.

Degree

Ph.D.

Advisors

Ghafoor, Purdue University.

Subject Area

Electrical engineering|Computer science
