Abstract
Access control system is often described as a state transition system. Given a set of access control policies, a general safety requirement in such a system is to determine whether a desirable property is satisfied in all the reachable states. In this paper, we propose to use security analysis techniques to maintain desirable security properties in the Multi-domain Environment based on risk model (MD\({\it R^2}\)BAC). We give a precise definition of security analysis problems in MD\({\it R^2}\)BAC, which is more general than safety analysis that is studied in single-domain. We show the process of dynamic permission adjustment in multi-domain environment, and illustrate two classes of problems in the process which can be reduced to similar analysis in the RT[←, ∩] role-based trust-management language, thereby establishing an interesting relationship between MD\({\it R^2}\)BAC and the RT framework. The reduction gives efficient algorithms for answering most kinds of queries in the two stages of dynamic adjustment permissions.
This work is supported by the National Natural Science Foundation of China (Grant Nos. 90715029 and 60603053), the Culti-vation Fund of the Key. Scientific and Technical Innovation Project, Ministry of Education of China (Grant No. 708066), the Program for New Century Excellent Talents in University, NCET.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Joshi, J.B.D., Bertino, E.: Hybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model. In: Proceedings of the 26th Annual International Computer Software and Applications Conference (COMPSAC 2002), Oxford, England, August 26-29 (2002)
Tang, Z., Li, R., Lu, Z., Wen, Z.: Dynamic Access Control Research for Inter-operation in Multi-domain Environment Based on Risk. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 277–290. Springer, Heidelberg (2008)
Li, R., Tang, Z., Lu, Z.: A Request-driven Policy Framework for Secure Interoperation in Multi-domain Environment. International Journal of Computer Systems Science & Engineering 23(3), 193–206 (2008)
Li, N., Mitchell, J.C., Winsborough, W.H.: Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM 52(3), 474–514 (2005)
Li, N., Tripunitara, M.V.: Security Analysis in Role-Based Access Control. ACM Transactions on Information and System Security 9(4), 391–420 (2006)
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role Based Access Control Models. Computer 29(2) (February 1996)
Moyer, M.J., Covington, M.J., Ahamad, M.: Generalized role-based access control for securing future applications. In: 23rd National Information Systems Security Conference (NISSC 2000), Baltimore, Md, USA (October 2000)
Zhang, G., Parashar, M.: Context-Aware Dynamic Access Control for Pervasive Applications. In: Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2004), Western MultiConference (WMC), San Diego, CA, USA (January 2004)
Dimmock, N., Belokosztolszki, A., Eyers, D., Bacon, J., Moody, K.: Using Trust and Risk in Role-Based Access Control Policies. In: Proceedings of Symposium on Access Control Models and Technologies (2004)
Grandison, T., Sloman, M.: A Survey of Trust in Internet Applications. IEEE Communications Surveys 3(4), 2–16 (Fourth Quarter 2000)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceeding of IEEE Conference on Security and Privacy. AT&T (May 1996)
Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: 2002 IEEE Symposium on Security and Privacy, pp. 114–131. IEEE, Los Alamitos (2002)
Yao, W.T.-M.: Fidelis: A policy-driven trust management framework. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 301–317. Springer, Heidelberg (2003)
Dimmock, N., Belokosztolszki, A., Eyers, D., et al.: Using Trust and Risk in Role-Based Access Control Policies. In: SACMAT 2004, New York, USA, June 2-4 (2004)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: Decidability of safety in graph-based models for access control. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 229–243. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tang, Z., Zhang, S., Li, K., Feng, B. (2010). Security Analysis and Validation for Access Control in Multi-domain Environment Based on Risk. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-12827-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12826-4
Online ISBN: 978-3-642-12827-1
eBook Packages: Computer ScienceComputer Science (R0)