Abstract
Establishing interoperability is the first and foremost problem of secure interoperation in multi-domain environments. In this paper, we propose a framework to facilitate the establishment of secure interoperability in decentralized multi-domain environments that employ Role-Based Access Control (RBAC) policies. In particular, we propose a method for setting up interoperating relationships between domains by combining role mappings and assignments of permissions to foreign roles. A key challenge in the establishment of secure interoperability is to guarantee the security of individual domains in the presence of interoperation. We present rules that regulate the interoperability. These rules ensure that the constraints of RBAC policies are respected when cross-domain accesses are allowed.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hu, J., Li, R., Lu, Z. (2007). Establishing RBAC-Based Secure Interoperability in Decentralized Multi-domain Environments. In: Nam, KH., Rhee, G. (eds) Information Security and Cryptology - ICISC 2007. ICISC 2007. Lecture Notes in Computer Science, vol 4817. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76788-6_5
DOI: https://doi.org/10.1007/978-3-540-76788-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76787-9
Online ISBN: 978-3-540-76788-6
eBook Packages: Computer Science, Computer Science (R0)