Secure interoperation in a multidomain environment employing RBAC policies

Cited by: 123
Authors
Shafiq, B
Joshi, JBD
Bertino, E
Ghafoor, A
Affiliations
[1] Purdue Univ, Sch Elect & Comp Engn, W Lafayette, IN 47907 USA
[2] Univ Pittsburgh, Dept Informat Sci & Telecommun, Pittsburgh, PA 15260 USA
[3] Purdue Univ, Dept Comp Sci, W Lafayette, IN 47907 USA
Funding
US National Science Foundation;
Keywords
secure interoperation; policy integration; role-based access control (RBAC); multidomain;
DOI
10.1109/TKDE.2005.185
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous Role-Based Access Control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.
Pages: 1557 / 1577
Number of pages: 21