Secure Interoperation in a Multidomain Environment Employing RBAC Policies
November 2005 (vol. 17 no. 11)
pp. 1557-1577
James B.D. Joshi, IEEE Computer Society
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous Role-Based Access Control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.

Index Terms: Secure interoperation, policy integration, Role-Based Access Control (RBAC), multidomain.
Citation:
Basit Shafiq, James B.D. Joshi, Elisa Bertino, Arif Ghafoor, "Secure Interoperation in a Multidomain Environment Employing RBAC Policies," IEEE Transactions on Knowledge and Data Engineering, vol. 17, no. 11, pp. 1557-1577, Nov. 2005, doi:10.1109/TKDE.2005.185