Establishing RBAC-Based Secure Interoperability in Decentralized Multi-domain Environments

Establishing interoperability is the first and foremost problem of secure interoperation in multi-domain environments. In this paper, we propose a framework to facilitate the establishment of secure interoperability in decentralized multi-domain environments that employ Role-Based Access Control (RBAC) policies. In particular, we propose a method for setting up interoperating relationships between domains by combining role mappings and assignments of permissions to foreign roles. A key challenge in the establishment of secure interoperability is to guarantee the security of individual domains in the presence of interoperation. We present rules that regulate the interoperability. These rules ensure that the constraints of RBAC policies are respected when cross-domain accesses are allowed.
