Cross-Domain Information Flow Control in RBAC-Employed Multi-Domain Environments

Resource sharing among multiple domains is popular. Information flows in many cases of resource sharing, and the propagation of sensitive information across domains must be controlled even in commercial sectors, where RBAC policies are widely employed for authorization and access control. We investigate the issue of information flow in RBAC-employed multi-domain environments and present an information flow control scheme. In our scheme, flow graphs can be constructed to represent and analyze possible cross-domain information flows in this kind of environment. Domains can define both inner-domain and cross-domain information security requirements (information propagation control requirements), and we give approaches to meeting them, such as role splitting, constraints on role activation, and constraints on role map activation.
