An Approach for Trusted Interoperation in a Multidomain Environment

Sun, Yuqing; Pan, Peng; Meng, Xiangxu

doi:10.1007/11839569_34

Yuqing Sun²⁰,
Peng Pan²⁰ &
Xiangxu Meng²⁰

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 4158))

Included in the following conference series:

International Conference on Autonomic and Trusted Computing

772 Accesses

Abstract

There are increasing requirements for interoperation among distributed multi-domain systems. The key challenge is how to balance security and collaboration. A novel approach is proposed in this paper to support the trusted interoperation. It introduces the notions of effect scope and life condition into role based access control model to restrict permission to be active only in proper environment. Partial inheritance of role hierarchy is presented to support the finely granular access rights as well as the verification algorithms are proposed to maintain security constraints consistent. As an example, XACML-based platform is provided to combine the existent systems for secure interoperation. Without compromising the collaboration, this approach can effectively enforce a layered security policy and can reduce the complexity of security management.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Oh, S., Park, S.: Task-role-based Access Control Model. J. of Information System 28, 533–562 (2003)
Article MATH Google Scholar
Bertino, E., Bonatti, P.A.: TRBAC: A Temporal Role-Based Access Control Model. ACM Transaction on Information and System Security 4(3), 191–223 (2001)
Article Google Scholar
Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: Generalized Temporal Role Based Access Control Model (GTRBAC). IEEE Transaction on Knowledge and Data Engineering 17, 4–23 (2005)
Article Google Scholar
Gong, L., Qian, X.: Computational Issues in Secure Interoperation. IEEE Transaction on Software Engineering 22(1), 43–52 (1996)
Article Google Scholar
Bonatti, P., Di Vimercati, S.D.C., Samarati, P.: A Modular Approach to Composing Access Control Policies. In: 7th ACM Conference on Communications and Security, pp. 164–173 (2000)
Google Scholar
Wijesekera, D., Jajodia, S.: A Propositional Policy Algebra for Access Control. ACM Transaction on Information and System Security 6(2), 286–325 (2003)
Article Google Scholar
Biskup, J., Wortmann, S.: Towards a Credential-Based Implementation of Compound Access Control Policies. In: Proc. of ACM SACMAT 2004, pp. 31–40 (2004)
Google Scholar
Song, E., Reddy, R., France, R., Ray, I., Georg, G., A., R.: Verifiable Composition of Access Control and Application Features. In: Proc. of SACMAT 2005, Stockholm, pp. 120–129 (2005)
Google Scholar
Shafiq, B., Joshi, J.B.D., Bertino, E., Ghafoor, A.: Secure Interoperation in a Multidomain Environment Employing RBAC Policies. IEEE Transaction on Knowledge and Data Engineering 17(11), 1557–1577 (2005)
Article Google Scholar
Ferraiolo, D.F., Gavrila, S., Hu, V., Kuhn, R., D.: Composing and Combining Policies under the Policy Machine. In: Proc. of ACM SACMAT 2005, Stockholm, pp. 11–20 (2005)
Google Scholar
Park, J.S., Costello, K.P., Neven, T.M., Diosomito, J.A.: A Composite RBAC Approach for Large, Complex Organization. In: Proc. of ACM SACMAT 2004, pp. 163–171 (2004)
Google Scholar
Sun, Y.Q., Meng, X.X., Liu, S.J., Pan, P.: Flexible Workflow Incorporated with RBAC. In: Shen, W.-m., Chao, K.-M., Lin, Z., Barthès, J.-P.A., James, A. (eds.) CSCWD 2005. LNCS, vol. 3865, pp. 525–534. Springer, Heidelberg (2006)
Chapter Google Scholar
Sun, Y.Q., Pan, P.: PRES—A Practical Flexible RBAC Workflow System. In: Proc. of 7th International Conference on Electronic Commerce, pp. 653–658 (2005)
Google Scholar
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Rose-Based Access Control Model. IEEE Computer 29(2), 38–47 (1996)
Google Scholar

Download references

Author information

Authors and Affiliations

School of Computer Science & Technology, Shandong University, 250100, Jinan, P.R. China
Yuqing Sun, Peng Pan & Xiangxu Meng

Authors

Yuqing Sun
View author publications
You can also search for this author in PubMed Google Scholar
Peng Pan
View author publications
You can also search for this author in PubMed Google Scholar
Xiangxu Meng
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, St. Francis Xavier University, Antigonish, Canada
Laurence T. Yang
Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science and Technology, Huazhong University of Science and Technology, 430074, Wuhan, China
Hai Jin
Hosei University, 184-8584, Tokyo, Japan
Jianhua Ma
Department of Computer Science, University of Augsburg, 86135, Augsburg, Germany
Theo Ungerer

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Sun, Y., Pan, P., Meng, X. (2006). An Approach for Trusted Interoperation in a Multidomain Environment. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_34

Download citation

DOI: https://doi.org/10.1007/11839569_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38619-3
Online ISBN: 978-3-540-38622-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics