Secure Interoperation in Multidomain Environments Employing UCON Policies

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5735)

Abstract

Ensuring secure interoperation in multidomain environments based on role-based access control (RBAC) has drawn considerable research attention in the past. However, RBAC primarily considers static authorization decisions based on subjects' permissions on target objects, and there is no further enforcement during the access. The recently proposed usage control (UCON) model can address these requirements of access policy representation for temporal and time-consuming problems. In this paper, we propose a framework to facilitate the establishment of secure interoperability in multidomain environments employing Usage Control (UCON) policies. In particular, we propose an attribute mapping technique to establish secure context in multidomain environments. A key challenge in the establishment of secure interoperability is to guarantee the security of individual domains in the presence of interoperation. We study how conflicts arise and show that it is efficient to resolve the security violations of cyclic inheritance and separation of duty.

This work is supported by the National Natural Science Foundation of China under Grants 60873225, 60773191 and 60403027, and the National High Technology Research and Development Program of China under Grant 2007AA01Z403.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lu, J., Li, R., Varadharajan, V., Lu, Z., Ma, X. (2009). Secure Interoperation in Multidomain Environments Employing UCON Policies. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_31

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer Science, Computer Science (R0)
