Skip to main content
SpringerLink
Log in

Security Analysis and Validation for Access Control in Multi-domain Environment Based on Risk

  • Conference paper
Information Security, Practice and Experience (ISPEC 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6047))

Abstract

Access control system is often described as a state transition system. Given a set of access control policies, a general safety requirement in such a system is to determine whether a desirable property is satisfied in all the reachable states. In this paper, we propose to use security analysis techniques to maintain desirable security properties in the Multi-domain Environment based on risk model (MD\({\it R^2}\)BAC). We give a precise definition of security analysis problems in MD\({\it R^2}\)BAC, which is more general than safety analysis that is studied in single-domain. We show the process of dynamic permission adjustment in multi-domain environment, and illustrate two classes of problems in the process which can be reduced to similar analysis in the RT[←, ∩] role-based trust-management language, thereby establishing an interesting relationship between MD\({\it R^2}\)BAC and the RT framework. The reduction gives efficient algorithms for answering most kinds of queries in the two stages of dynamic adjustment permissions.

This work is supported by the National Natural Science Foundation of China (Grant Nos. 90715029 and 60603053), the Culti-vation Fund of the Key. Scientific and Technical Innovation Project, Ministry of Education of China (Grant No. 708066), the Program for New Century Excellent Talents in University, NCET.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Joshi, J.B.D., Bertino, E.: Hybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model. In: Proceedings of the 26th Annual International Computer Software and Applications Conference (COMPSAC 2002), Oxford, England, August 26-29 (2002)

    Google Scholar 

  2. Tang, Z., Li, R., Lu, Z., Wen, Z.: Dynamic Access Control Research for Inter-operation in Multi-domain Environment Based on Risk. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 277–290. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  3. Li, R., Tang, Z., Lu, Z.: A Request-driven Policy Framework for Secure Interoperation in Multi-domain Environment. International Journal of Computer Systems Science & Engineering 23(3), 193–206 (2008)

    Google Scholar 

  4. Li, N., Mitchell, J.C., Winsborough, W.H.: Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM 52(3), 474–514 (2005)

    Article  MathSciNet  Google Scholar 

  5. Li, N., Tripunitara, M.V.: Security Analysis in Role-Based Access Control. ACM Transactions on Information and System Security 9(4), 391–420 (2006)

    Article  Google Scholar 

  6. Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role Based Access Control Models. Computer 29(2) (February 1996)

    Google Scholar 

  7. Moyer, M.J., Covington, M.J., Ahamad, M.: Generalized role-based access control for securing future applications. In: 23rd National Information Systems Security Conference (NISSC 2000), Baltimore, Md, USA (October 2000)

    Google Scholar 

  8. Zhang, G., Parashar, M.: Context-Aware Dynamic Access Control for Pervasive Applications. In: Proceedings of the Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2004), Western MultiConference (WMC), San Diego, CA, USA (January 2004)

    Google Scholar 

  9. Dimmock, N., Belokosztolszki, A., Eyers, D., Bacon, J., Moody, K.: Using Trust and Risk in Role-Based Access Control Policies. In: Proceedings of Symposium on Access Control Models and Technologies (2004)

    Google Scholar 

  10. Grandison, T., Sloman, M.: A Survey of Trust in Internet Applications. IEEE Communications Surveys 3(4), 2–16 (Fourth Quarter 2000)

    Google Scholar 

  11. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceeding of IEEE Conference on Security and Privacy. AT&T (May 1996)

    Google Scholar 

  12. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust management framework. In: 2002 IEEE Symposium on Security and Privacy, pp. 114–131. IEEE, Los Alamitos (2002)

    Google Scholar 

  13. Yao, W.T.-M.: Fidelis: A policy-driven trust management framework. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 301–317. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  14. Dimmock, N., Belokosztolszki, A., Eyers, D., et al.: Using Trust and Risk in Role-Based Access Control Policies. In: SACMAT 2004, New York, USA, June 2-4 (2004)

    Google Scholar 

  15. Koch, M., Mancini, L.V., Parisi-Presicce, F.: Decidability of safety in graph-based models for access control. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 229–243. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer and Communications, Hunan University, Changsha, 410082

    Zhuo Tang, Shaohua Zhang, Kenli Li & Benming Feng

Authors
  1. Zhuo Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shaohua Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kenli Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Benming Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, 646 Eupnae-ri, Shinchang-myun, Asan-si, 336-745, Chungcheongnam-do, Korea

    Jin Kwak

  2. School of Information Systems, Singapore Management University, 469 Bukit Timah Road, 259756, Singapore

    Robert H. Deng

  3. Internet and Security Policy Division, Korea Internet and Security Agency, Daedong B/D, Garak-dong 79-3, Songpa-gu, 138-950, Seoul, Korea

    Yoojae Won

  4. School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK

    Guilin Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tang, Z., Zhang, S., Li, K., Feng, B. (2010). Security Analysis and Validation for Access Control in Multi-domain Environment Based on Risk. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12827-1_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12826-4

  • Online ISBN: 978-3-642-12827-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation