Abstract
Current schemes for security policy interoperation in multi-domain environments rely on a centralized mediator, which may become a bottleneck for maintaining the policies and mediating cross-domain resource access control. In this paper, we present a mediator-free scheme for secure policy interoperation. In our scheme, policy interoperation is performed by the individual domains themselves; to support this, we propose a distributed multi-domain policy model and give distributed algorithms for creating the cross-domain policies. Specifically, the policies are distributed to each domain, and we ensure that the policies are consistent and that each domain holds the complete set of policies it should know.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, X., Feng, D., Xu, Z., Hu, H. (2008). Mediator-Free Secure Policy Interoperation of Exclusively-Trusted Multiple Domains. In: Chen, L., Mu, Y., Susilo, W. (eds) Information Security Practice and Experience. ISPEC 2008. Lecture Notes in Computer Science, vol 4991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79104-1_18
DOI: https://doi.org/10.1007/978-3-540-79104-1_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79103-4
Online ISBN: 978-3-540-79104-1
eBook Packages: Computer Science, Computer Science (R0)