TY - GEN
T1 - Multi-party access control - 10 years of successes and lessons learned
AU - Squicciarini, Anna Cinzia
N1 - Funding Information:
Squicciarini’s work has been funded by industry and various funding agencies, including grants from the National Science Foundation (and a CAREER Award 2015), Air Force, and Army Research Office. She also received generous support from Google and Hewlett-Packard Research Labs. She authored more than 90 contributions as papers in international conferences and journals, and chapters in international books.
Funding Information:
Work from dr. Squicciarini was partially funded from National Science Foundation under grant 1435080.
Publisher Copyright:
© 2020 Owner/Author.
PY - 2020/6/10
Y1 - 2020/6/10
N2 - As end-users have been asked to take on management tasks for their content and online resources, access control mechanisms have played an increasingly important role in a broad range of applications. These include data management for personalized medicine, content sharing sites, online communities, and technologies for remote collaborative work To face the need of these emerging user-centered domains, an increasing body of work has recognized the importance of new multi-user (or more generally, stakeholder) access control mechanisms for multiple users. The emphasis on group-centered access control has led to a shift from the traditional approach taken in the access control community for two main reasons. First, the access control community had long investigated models and techniques to facilitate single subjects' access to resources according to well-defined locally-enforceable policies, with little attention given to group-driven access control decisions. Second, the underlying goal had been to maintain confidentiality rather than facilitate controlled sharing. As such, the decisions offered by these early mechanisms are single-user driven and often binary and based on inflexible policies. In the past ten years, researchers have investigated and proposed a variety of multiparty access control mechanisms, and defined rigorous models for content management among multiple users, also developing mechanisms for various applications \citesuch2016resolving,fogues2017sharing,hu2014,hu2011multi,rajtmajer2016constrained,SuchC18,kairam2012talking,patil2012. Some tools for practical applications have also been developed. However, we have also assisted to several "failures" where promising approaches have not gained traction, either among the research community or (even less) the applied world. In this talk I will first discuss unique needs and challenges with addressing access control for multi-owned content, and provide a perspective from various applications. Next, I will summarize main successes and failures of existing approaches, identify open research challenges for future research opportunities in this space.
AB - As end-users have been asked to take on management tasks for their content and online resources, access control mechanisms have played an increasingly important role in a broad range of applications. These include data management for personalized medicine, content sharing sites, online communities, and technologies for remote collaborative work To face the need of these emerging user-centered domains, an increasing body of work has recognized the importance of new multi-user (or more generally, stakeholder) access control mechanisms for multiple users. The emphasis on group-centered access control has led to a shift from the traditional approach taken in the access control community for two main reasons. First, the access control community had long investigated models and techniques to facilitate single subjects' access to resources according to well-defined locally-enforceable policies, with little attention given to group-driven access control decisions. Second, the underlying goal had been to maintain confidentiality rather than facilitate controlled sharing. As such, the decisions offered by these early mechanisms are single-user driven and often binary and based on inflexible policies. In the past ten years, researchers have investigated and proposed a variety of multiparty access control mechanisms, and defined rigorous models for content management among multiple users, also developing mechanisms for various applications \citesuch2016resolving,fogues2017sharing,hu2014,hu2011multi,rajtmajer2016constrained,SuchC18,kairam2012talking,patil2012. Some tools for practical applications have also been developed. However, we have also assisted to several "failures" where promising approaches have not gained traction, either among the research community or (even less) the applied world. In this talk I will first discuss unique needs and challenges with addressing access control for multi-owned content, and provide a perspective from various applications. Next, I will summarize main successes and failures of existing approaches, identify open research challenges for future research opportunities in this space.
UR - http://www.scopus.com/inward/record.url?scp=85086819329&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85086819329&partnerID=8YFLogxK
U2 - 10.1145/3381991.3395397
DO - 10.1145/3381991.3395397
M3 - Conference contribution
AN - SCOPUS:85086819329
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 189
EP - 190
BT - SACMAT 2020 - Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
T2 - 25th ACM Symposium on Access Control Models and Technologies, SACMAT 2020
Y2 - 10 June 2020 through 12 June 2020
ER -