Abstract
There are increasing requirements for interoperation among distributed multi-domain systems, and the key challenge is how to balance security against collaboration. This paper proposes a novel approach to support trusted interoperation. It introduces the notions of effect scope and life condition into the role-based access control model so that a permission is active only in the proper environment. Partial inheritance in the role hierarchy is presented to support finely granular access rights, and verification algorithms are proposed to keep the security constraints consistent. As an example, an XACML-based platform is provided that combines existing systems for secure interoperation. Without compromising collaboration, this approach can effectively enforce a layered security policy and reduce the complexity of security management.
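The following is an added illustration, not code from the paper or its XACML platform, of the three ideas the abstract names. It assumes a concrete reading of the paper's terms: an effect scope is modelled as the set of domains in which a permission may take effect, a life condition as a predicate over the request environment (here a domain name and a clock time), and partial inheritance as a per-edge exclusion list naming the junior role's permissions a senior role does not acquire. The constraint check is a plain separation-of-duty test over mutually exclusive roles; the domains, roles and permissions are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Context:
    """Environment of an access request. Assumed shape: requesting domain and clock time."""
    domain: str
    now: time


@dataclass(frozen=True)
class Permission:
    name: str
    effect_scope: FrozenSet[str]                # assumed: domains in which the permission may take effect
    life_condition: Callable[[Context], bool]  # assumed: environment predicate that must hold

    def active(self, ctx: Context) -> bool:
        """A permission is active only inside its effect scope and while its life condition holds."""
        return ctx.domain in self.effect_scope and self.life_condition(ctx)


@dataclass
class Role:
    name: str
    perms: Dict[str, Permission] = field(default_factory=dict)
    # Partial inheritance: junior role name -> permission names that are NOT inherited from it.
    inherits: Dict[str, FrozenSet[str]] = field(default_factory=dict)


class Policy:
    def __init__(self) -> None:
        self.roles: Dict[str, Role] = {}
        self.exclusive: Set[FrozenSet[str]] = set()  # mutually exclusive role pairs (separation of duty)

    def add_role(self, role: Role) -> None:
        self.roles[role.name] = role

    def juniors(self, role_name: str, seen: FrozenSet[str] = frozenset()) -> Set[str]:
        """All roles dominated (transitively) by role_name; raises on a cyclic hierarchy."""
        if role_name in seen:
            raise ValueError(f"cycle in role hierarchy at {role_name}")
        found: Set[str] = set()
        for junior in self.roles[role_name].inherits:
            found.add(junior)
            found |= self.juniors(junior, seen | {role_name})
        return found

    def effective_permissions(self, role_name: str) -> Dict[str, Permission]:
        """Own permissions plus inherited ones, minus the per-edge exclusions of partial inheritance."""
        self.juniors(role_name)  # rejects cyclic hierarchies before recursing
        role = self.roles[role_name]
        result = dict(role.perms)
        for junior, excluded in role.inherits.items():
            for pname, perm in self.effective_permissions(junior).items():
                if pname not in excluded:
                    result.setdefault(pname, perm)  # a role's own definition wins over an inherited one
        return result

    def authorize(self, user_roles: Set[str], perm_name: str, ctx: Context) -> bool:
        """Grant iff some assigned role yields perm_name and that permission is active in ctx."""
        for r in user_roles:
            perm = self.effective_permissions(r).get(perm_name)
            if perm is not None and perm.active(ctx):
                return True
        return False

    def check_exclusive_roles(self, user_roles: Set[str]) -> List[FrozenSet[str]]:
        """Verification step: no exclusive pair may be wholly reachable from one user's roles."""
        reachable = set(user_roles)
        for r in user_roles:
            reachable |= self.juniors(r)
        return [pair for pair in self.exclusive if pair <= reachable]


def business_hours(ctx: Context) -> bool:
    """Constructed life condition: active from 08:00 up to (not including) 18:00."""
    return time(8, 0) <= ctx.now < time(18, 0)


def ctx(domain: str, hour: int) -> Context:
    """Convenience constructor for a request context at a whole hour."""
    return Context(domain, time(hour, 0))


def build_policy() -> Policy:
    """Constructed sample: two domains ('hospital', 'lab') and a four-role hierarchy."""
    always = lambda c: True
    read = Permission("read_record", frozenset({"hospital", "lab"}), always)
    write = Permission("write_record", frozenset({"hospital"}), business_hours)
    sign = Permission("sign_report", frozenset({"lab"}), always)

    p = Policy()
    p.add_role(Role("clinician", {read.name: read, write.name: write}))
    p.add_role(Role("lab_tech", {read.name: read, sign.name: sign}))
    p.add_role(Role("senior_clinician", inherits={"clinician": frozenset()}))          # full inheritance
    p.add_role(Role("auditor", inherits={"clinician": frozenset({"write_record"})}))  # partial: read only
    p.exclusive.add(frozenset({"auditor", "lab_tech"}))
    return p


POLICY = build_policy()
```

With this model an auditor can read a record from either domain but never write one, because the `write_record` permission is excluded on the inheritance edge; a senior clinician can write only from the `hospital` domain and only during business hours, since both the effect scope and the life condition must hold; and assigning a user both `auditor` and `lab_tech` is reported by the constraint check before any request is evaluated.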
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Sun, Y., Pan, P., Meng, X. (2006). An Approach for Trusted Interoperation in a Multidomain Environment. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_34
DOI: https://doi.org/10.1007/11839569_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38619-3
Online ISBN: 978-3-540-38622-3