
Collaboration policies: Access control management in SOA-based dynamic collaborations

Posted on: 2008-07-22
Degree: Ph.D
Type: Dissertation
University: North Carolina State University
Candidate: Altunay, Mine
GTID: 1448390005978270
Subject: Engineering
Abstract/Summary:
Service-oriented architectures change the computing paradigm by providing easily accessible services and by promoting collaborations among the provided services. The services can be harnessed with other services to create more powerful services. Ideally, the end user expects to select from an existing service pool, mix and match services, and come up with original applications that are tailored to his unique needs.

A collaboration is a collection of services that are harnessed together to achieve a common goal. During run time, each service is expected to interact with multiple peer services. An interaction occurs in the form of a data exchange between two peer services. Although collaboration significantly helps tackle difficult problems, it also leads to increased exposure of a service. First, collaborations are often short-term and dynamically built based on end users' demands. Therefore, there may not be established trust relationships among peers. Second, during run time, a service becomes exposed to all of the collaborative peers. The interactions within the collaboration are not isolated from one another. Instead, the interactions follow one another consecutively in order to propagate data among multiple parties. As a result, a service is exposed not only to the peers with which it directly interacts, but also to other peers through indirect interactions.

We approach access management from a service owner's perspective. We first study the types of interactions that are present in a collaboration. Based on the identified interaction types, we discuss the security threats that can arise with each interaction type. Our access control model aims to mitigate these security threats. It is designed to evaluate a collaboration context, and it recognizes the multitude of information present within a collaboration context: varying interactions, different peers engaged in these interactions, and the actions taken by each of these peers.

In order to express access requirements for a collaboration, we designed collaboration policies. A collaboration policy contains access rules that are specified to evaluate the collaboration context. A service owner can associate each access rule with a specific interaction type. As a result, different peers with different interaction types are evaluated against different access requirements. In other words, our access control model varies the access requirements placed on a collaborative peer depending on the collaboration context.

We encompass our work inside a framework. We develop a system architecture in which each service that is invited into the collaboration can use its own collaboration policy to reach a decision. These evaluations are carried out as peer-to-peer trust evaluations. Our framework provides a message infrastructure that is used to carry out these evaluations. Moreover, the results of the security evaluations are collected and used to determine the feasibility of the collaboration. We deem a collaboration feasible when each collaborative service is willing to join the collaboration as a result of its security evaluations.

Our work aims to provide a secure and autonomous computing environment, and it aims to promote collaboration among services. We do this by providing service owners with the necessary means to protect themselves, and by encompassing these decisions into a framework.
Keywords/Search Tags:Collaboration, Access, Service, Among