Optimized Multi-Domain Secure Interoperation using Soft Constraints

Building coalitions between autonomous domains and managing the negotiation process between multiple security policies in a multi-domain environment is a challenging task. The negotiation process requires efficient modeling methods for the determination of secure access states and demands support from automated tools aiming to support administrators and to minimize human intervention; thus making the whole process more efficient and less error-prone. In this paper we define a framework that enables the representation of policy merging between autonomous domains, as a constraint satisfaction problem, while remaining neutral in regard to the policy language. Role and permission hierarchies are modeled using the constraint programming formalism. Policy mappings are utilized in order to enable cross-organizational role assignment. Further optimization on policy mappings is achieved by casting the problem to a partially ordered multi-criteria shortest path problem.

[1]  Francesca Rossi,et al.  Semiring-based constraint satisfaction and optimization , 1997, JACM.

[2]  Li Gong,et al.  The complexity and composability of secure interoperation , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  John S. Baras,et al.  Towards automated negotiation of access control policies , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[4]  Himanshu Khurana,et al.  Reasoning about joint administration of access policies for coalition resources , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[5]  Stefano Bistarelli Semirings for Soft Constraint Solving and Programming , 2004, Lecture Notes in Computer Science.

[6]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[7]  Elisa Bertino,et al.  Access-control language for multidomain environments , 2004, IEEE Internet Computing.

[8]  Gail-Joon Ahn,et al.  Role-based authorization constraints specification , 2000, TSEC.

[9]  S. Gritzalis,et al.  A scalable security architecture enabling coalition formation between autonomous domains , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[10]  Francesca Rossi,et al.  Semiring-based constraint logic programming: syntax and semantics , 2001, TOPL.

[11]  Francesca Rossi,et al.  Semiring-based constraint solving and optimization , 1997 .

[12]  David M. Eyers,et al.  Policy contexts: controlling information flow in parameterised RBAC , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.