Flexible owner retained access control for document management systems




Hoole, Alexander Michael




The majority of the security policy and enforcement frameworks deployed today require a centralized security model. These models are often tied to a central authentication service or operating system (OS) service. In collaboration environments such as the Internet, there is no guarantee that users will be using the same OSs, authentication services, or access control policies. In such a context, the risk of data interception or information leakage during collaboration is extremely high. Therefore, there is a need to control access to information in a way that remains independent of these, and other, platform-specific security features. Owner-retained access control, derived from labeling practices historically used in paper-based access control schemes, such as the military use of the ORCON label, can provide such a feature. The owner-retained access control model allows the owner of a document, who is not necessarily its creator, to specify and maintain the access control restrictions on their data, even after disseminating that data. The access control policy itself is not sufficient to guarantee security; an enforcement framework is also required to ensure that the rules specified in the policy are actually enforced. The framework allows us to overcome some of the limitations found in other access control policies. Discretionary access control, for example, allows authorized users to copy and distribute data once it has been accessed, thus breaking the principle of attenuation of privilege. To satisfy this objective, we propose in this thesis a formal security model and a flexible policy specification and enforcement framework that allow for owner-retained control of document distribution in scalable collaborative environments.
The body of the thesis also includes a description and validation of the security protocols that were developed to provide a framework for enforcing the security policy, the architecture and implementation of the prototype application (ORCS), case studies, and a performance evaluation of the most costly operations.
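The following is an added illustration of the distinction the abstract draws between discretionary access control and owner-retained access control; it is not code from the thesis or from the ORCS prototype, and it does not model the thesis's protocols or formal model. The class names, the users alice, bob, carol and dave, and the in-process "handle" that re-checks the owner's policy on every access are assumptions chosen to make the behaviour runnable. Under DAC a recipient receives the bytes and can redistribute them freely; under the ORCON-style model the recipient receives only a guarded handle, the owner (here deliberately not the creator) alone can grant or revoke, and a revocation takes effect even after dissemination.

```python
"""Toy contrast of DAC and owner-retained (ORCON-style) access control.

Added example, not the thesis's ORCS code. Users, class names and the
in-process enforcement point are assumptions for illustration only; a
real enforcement framework must sit outside the recipient's control.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable


class AccessDenied(Exception):
    """Raised by the enforcement layer when a policy check fails."""


# --- Discretionary access control: the recipient gets the bytes -------------

@dataclass
class DacDocument:
    """Under DAC, whoever holds a copy has full control over that copy."""
    owner: str
    content: str
    readers: set[str] = field(default_factory=set)

    def read(self, user: str) -> str:
        if user != self.owner and user not in self.readers:
            raise AccessDenied(f"{user} may not read this copy")
        return self.content

    def copy_to(self, user: str, recipient: str) -> DacDocument:
        # Any reader can copy the data. The copy is a fresh object owned by
        # the recipient, so the original owner's restrictions no longer reach
        # it: privilege is not attenuated along the distribution chain.
        return DacDocument(owner=recipient, content=self.read(user))


# --- Owner-retained access control: the recipient gets a guarded handle -----

@dataclass
class OrconDocument:
    """The policy stays with the owner and is consulted on every access."""
    owner: str            # the owner need not be the creator
    creator: str
    content: str
    readers: set[str] = field(default_factory=set)

    def _require_owner(self, actor: str) -> None:
        if actor != self.owner:
            raise AccessDenied(f"{actor} is not the owner")

    def grant(self, actor: str, user: str) -> None:
        self._require_owner(actor)
        self.readers.add(user)

    def revoke(self, actor: str, user: str) -> None:
        self._require_owner(actor)
        self.readers.discard(user)

    def disseminate(self, actor: str, recipient: str) -> OrconHandle:
        # Only the owner disseminates, and what leaves is a handle, not data.
        self.grant(actor, recipient)
        return OrconHandle(self, recipient)


@dataclass
class OrconHandle:
    """What a recipient holds: opening it re-checks the owner's live policy."""
    doc: OrconDocument
    holder: str

    def open(self) -> str:
        if self.holder not in self.doc.readers:
            raise AccessDenied(f"{self.holder} is not authorized by the owner")
        return self.doc.content

    def forward(self, recipient: str) -> OrconHandle:
        # Forwarding cannot be prevented, but the forwarded handle yields
        # nothing unless the owner has independently authorized the recipient.
        return OrconHandle(self.doc, recipient)


def _denied(action: Callable[[], object]) -> bool:
    """True if the action is refused by the enforcement layer."""
    try:
        action()
    except AccessDenied:
        return True
    return False


def dac_scenario() -> dict[str, bool]:
    original = DacDocument(owner="alice", content="quarterly plan")
    original.readers.add("bob")
    bobs_copy = original.copy_to("bob", "bob")
    carols_copy = bobs_copy.copy_to("bob", "carol")   # bob redistributes
    original.readers.discard("bob")                     # alice "revokes" bob
    return {
        "carol_can_read": carols_copy.read("carol") == "quarterly plan",
        "bob_reads_copy_after_revocation": bobs_copy.read("bob") == "quarterly plan",
    }


def orcon_scenario() -> dict[str, bool]:
    doc = OrconDocument(owner="alice", creator="dave", content="quarterly plan")
    bob_handle = doc.disseminate("alice", "bob")
    carol_handle = bob_handle.forward("carol")          # bob tries to redistribute
    result = {
        "bob_can_read": bob_handle.open() == "quarterly plan",
        "carol_blocked_via_forward": _denied(carol_handle.open),
        "bob_cannot_grant": _denied(lambda: doc.grant("bob", "carol")),
        "creator_cannot_grant": _denied(lambda: doc.grant("dave", "carol")),
    }
    doc.revoke("alice", "bob")
    result["bob_revoked_after_dissemination"] = _denied(bob_handle.open)
    doc.grant("alice", "carol")                          # owner decides
    result["carol_reads_after_owner_grant"] = carol_handle.open() == "quarterly plan"
    return result


if __name__ == "__main__":
    print("DAC:  ", dac_scenario())
    print("ORCON:", orcon_scenario())
```

The two scenario functions return the outcomes of each check so they can be compared side by side: in the DAC run both redistribution and post-revocation reads succeed, while in the ORCON run the owner's grant and revoke decisions govern every access regardless of who holds a handle. The in-process handle is only a stand-in for the enforcement framework the abstract calls for; in a deployed system the content must not be reachable by the recipient other than through that framework.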



computer networks, security measures, wireless communication systems