Beyond the common security threats that characterize networked systems, collaborative working environments have several additional security requirements of their own that are fundamental. In such untrusted environments user requirements in terms of security and privacy are crucial. The user needs to feel confident in order to be able to exploit fully and freely the features provided by the collaborative system. It is essential to ensure that there is no information leakage either directly or indirectly from the user domain to that of peers, or any other unauthorized third parties.

Unfortunately most cooperative systems rely on centralized security models, which are too rigid and restrictive, and lack the flexibility that is vital in such environments. A suitable security model for collaborative working environments must not only consider inherent characteristics such as flexibility, dynamic reconfiguration, and sharing, but also scalability. Most realistic collaborative systems run in complex and sophisticated environments, and involve a diverse and large number of participants with differing security and operational requirements. The security system must accommodate and enforce the various and sometimes conflicting security requirements, without sacrificing the operational requirements of the whole system.

The objective of this project is to create a flexible policy negotiation and enforcement framework for secure document distribution in a scalable collaborative environment.

In this respect, we have defined in our work the theoretical foundation of a framework for secure information flow in scalable collaborative environments. Our framework not only addresses sharing, dynamic reconfiguration, flexibility, and scalability requirements inherent to scalable collaborative environments, but supports also confidentiality, integrity and access control needs. Our framework addresses specifically the concepts of shared-ownership (necessary for collaborative environments) and owner-retained control of sensitive resources. In particular the concept of owner-retained control is complex but crucial for data distribution control (DDC) and digital right management (DRM).

A practical implementation of the model, which supports owner-retained control has been developed under the form of a security tool that allows flexible and dynamic specification and enforcement of user security policies in collaborative environments. The name of the tool is ORCS, short for Owner-Retained Control System.


  • Dr. Issa Traore, Coordinator
  • Mr. Alexander Hoole, Investigator