Request-driven role mapping framework for secure interoperation in multi-domain environments

Computer Systems Science and Engineering

Volumn 23, Issue 3, 2008, Pages 193-207

  Li, Ruixuan ^a   Tang, Zhuo ^a   Lu, Zhengding ^a   Hu, Jinwei ^a  

^a HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY   (China)

Author keywords

Conflict resolution; Minimal unique set; Multi domain; Privilege query; Role mapping; Secure interoperation

Indexed keywords

CONFLICT RESOLUTION; EXTERNAL-; INTER-DOMAIN; INTER-OPERATION; MINIMAL UNIQUE SET; MULTI DOMAINS; MULTI-DOMAIN; PRIVILEGE QUERY; ROLE HIERARCHIES; ROLE MAPPING; SECURE INTEROPERATION;

CONFORMAL MAPPING;

EID: 49549111832     PISSN: 02676192     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Conference Paper

References (32)

1. J. B. D. Joshi, A. Ghafoor, W. Aref, and E. H. Spafford, "Digital Government Security Infrastructure Design Challenges," IEEE Computer, vol. 34, no. 2, pp. 66-72, 2001.
2. R. Power, "Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace," Que/Macmillan Publishing, August 2000.
3. P.-P. Lu, B. Li, M.-L. Xing, and L. Li, "An Automated Trust Negotiation Framework Based on Subjective Trust Model," Proceedings of the 6th International Conference on Machine Learning and Cybernetics (ICMLC'07), Hong Kong, pp. 19-22, 2007.
4. O. Ajayi, R. Sinnott, and A. Stell, "Trust Realisation in Multidomain Collaborative Environments," Proceedings of the 6th IEEE/ACIS International Conference on Computer and Information Science (ICIS'07), Melbourne, Australia, pp. 906-911, 2007.
5. G. Zhao, D. Zheng, and K. Chen, "Design of single sign-on," Proceedings of the 2004 IEEE International Conference on E-Commerce Technology for Dynamic E-Business (CEC-East'04), Beijing, China, pp.253-256. 2004.
6. JA-SIG, "ITS Central Authentication Service," http://www.yale.edu/tp/cas/.
7. J. B. D. Joshi, E. Bertino, and A. Ghafoor, "Temporal Hierarchies and Inheritance Semantics for GTRBAC," Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT'02), Monterey, California, USA, pp. 74-83, 2002.
8. S. Piromruen, and J. B. D. Joshi, "An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environments," Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS'05), Sedona, Arizona, USA, pp. 36-48, 2005.
9. J. B. D. Joshi, E. Bertino, and U. Latif, "A Generalized Temporal Role-Based Access Control Model," IEEE Transactions on Knowledge and Data Engineering, vol. 17, no. 1, pp. 4-23, 2005.
10. S. Baselice, P. A. Bonatti, and M. Faella, "On interoperable trust negotiation strategies," Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), Bologna, Italy, pp. 39-50, 2007.
11. H. Chen, and N. Li, "Constraint Generation for Separation of Duty," Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06), Lake Tahoe, California, USA, pp. 130-138, 2006.
12. P. Bonatti, S. D. C. Vimercati, and P. Samarati, "An Algebra for Composing Access Control Policies," ACM Transactions on Information and System Security, vol. 5, no. 1, pp. 1-35, 2002.
13. S. Dawson, S. Qian, and P. Samarati, "Providing Security and Interoperation of Heterogeneous Systems," Distributed and Parallel Databases, vol. 8, no. 1, pp. 119-145, 2000.
14. E. Bertino, F. Buccafurri, E. Ferrari, and P. Rullo, "A Logical Framework for Reasoning on Data Access Control Policies," Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW'99), Mordano, Italy, pp. 175-189, 1999.
15. R. T. Simon, and M. E. Zurko, "Separation of Duty in Role-Based Environments," Proceedings of the 10th IEEE Computer Security Foundations Workshop (CSFW'97), Rockport, MA, USA, pp. 183194, 1997.
16. E. Lupu, and M. Sloman, "Conflicts in Policy-Based Distributed Systems Management," IEEE Transactions on Software Engineering, vol. 25, no. 6, pp. 852-869, 1999.
17. M. Jaume, and C. Morisset, "Formalisation and implementation of Access control models," Proceedings of the 2005 International Conference on Information Technology: Coding and Computing (ITCC'05), pp. 703-708, 2005.
18. R. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Role Based Access Control Models," IEEE Computer, vol. 29, no. 2, pp. 38-47, 1996.
19. R. Sandhu, "Role Activation Hierarchies," Proceedings of the 3rd ACM Workshop Role-Based Access Control, Fairfax, VA, USA, pp. 33-40, 1998.
20. J. B. D. Joshi, E. Bertino, and A. Ghafoor, "Hybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model," Proceedings of the 26th Annual International Computer Software and Applications Conference (COMPSAC'02), Oxford, England, pp. 951-956, 2002.
21. Z. Hu, J. Zhang, and X. Luo, "Design and Realization of Efficient Memory Management for Embedded Real-Time Application," Proceedings of the 6th International Conference on ITS Telecommunications (ITST'06), Chengdu, China, pp. 174-177, 2006.
22. S. M. Chandran, and J. B. D. Joshi, "Towards Administration of a Hybrid Role Hierarchy," Proceedings of the 2005 IEEE International Conference on Information Reuse and Integration (IRI'05), Las Vegas, Nevada, USA, pp. 500-505, 2005.
23. J. B. D. Joshi, E. Bertino, and A. Ghafoor, "Formal Foundation for Hybrid Hierarchies in GTRBAC," ACM Transactions on Information and System Security, to be published, 2008.
24. S. Du, and J. B. D. Joshi, "Supporting Authorization Query and Inter-domain Role Mapping in Presence of Hybrid Role Hierarchy," Proceedings of the 11th ACM Symposium on Access Control, Models and Technologies (SACMAT'06), Lake Tahoe, California, USA, pp. 228-236, 2006.
25. B. Shafiq, J. B. D. Joshi, and E. Bertino, "Secure Interoperation in a Multidomain Environment Employing RBAC Policies," IEEE Transactions on Knowledge and Data Engineering, vol. 17, no. 11, pp. 1557-1577, 2005.
26. J. B. D. Joshi, E. Bertino, B. Shafiq, and A. Ghafoor, "Dependencies and Separation of Duty Constraints in GTRBAC," Proceedings of the 8th ACM Symposium on Access Control, Models and Technologies (SACMAT'03), Como, Italy, pp. 51-64, 2003.
27. L. Gong, and X. Qian, "Computational Issues in Secure Interoperation," IEEE Transactions on Software Engineering, vol. 22, no.1, pp. 43-52, 1996.
28. P. A. Bonatti, M. L. Sapino, and V. S. Subrahmanian, "Merging Heterogeneous Security Orderings," Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security (ESORICS'96), Rome, Italy, pp. 183-197, 1996.
29. M. Shehab, E. Bertino, and A. Ghafoor, "SERAT: Secure Role mapping Technique for Decentralized Secure Interoperability," Proceedings of the ACM Symposium on Access Control, Models and Technologies (SACMAT'05), Stockholm, Sweden, pp. 159-167, 2005.
30. J. B. D. Joshi, E. Bertino, and A. Ghafoor, "An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model," IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 2, pp. 157-175, 2005.
31. E. Bertino, and P. A. Bonatti, "TRBAC: A Temporal Role-Based Access Control Model," ACM Transactions on Information and System Security, vol. 4, no. 3, pp. 191-223, 2001.
32. J. B. D. Joshi, "X-GTRBAC Admin: A Decentralized Administration Model for Enterprise-Wide Access Control," ACM Transactions on Information and System Security, vol. 8, no. 4, pp. 388-423, 2005.