Issue No.11 - November (2005 vol.17)
Basit Shafiq , IEEE
James B.D. Joshi , IEEE Computer Society
Elisa Bertino , IEEE
Arif Ghafoor , IEEE
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2005.185
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous Role-Based Access Control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.
Index Terms- Secure interoperation, policy integration, Role-Based Access Control (RBAC), multidomain.
Basit Shafiq, James B.D. Joshi, Elisa Bertino, Arif Ghafoor, "Secure Interoperation in a Multidomain Environment Employing RBAC Policies", IEEE Transactions on Knowledge & Data Engineering, vol.17, no. 11, pp. 1557-1577, November 2005, doi:10.1109/TKDE.2005.185