论文信息 - Inconsistency Detection of Authorization Policies in Distributed Component Environment

Inconsistency Detection of Authorization Policies in Distributed Component Environment

In distributed component environment, a Role-Based Access Control (RBAC) server manages all authorization policies of components in the same domains whereas the components are distributed to an application server on a network with their authorization policies. It is necessary to detect inconsistency between the authorization policies of the RBAC server and the distributed components to guarantee the authorization policy integrity while system configuration and policies are changing. In this paper, an inconsistency detection method between the two authorization policies is proposed. Conditions of guaranteeing consistency are investigated to detect the inconsistencies and validated in a case study.

Hoh Peter In | Chang-Joo Moon

[1] Ravi S. Sandhu,et al. Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[2] Doo-Kwon Baik,et al. Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration , 2004, Comput. Secur..

[3] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[4] Gail-Joon Ahn,et al. Role-based authorization constraints specification , 2000, TSEC.

[5] Ravi S. Sandhu,et al. The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[6] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[7] Konstantin Beznosov,et al. Enterprise Security with EJB and CORBA , 2001 .

[8] Yi Deng,et al. A framework for implementing role-based access control using CORBA security service , 1999, RBAC '99.