Issue No. 11 - November (2005 vol. 17)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2005.185
Basit Shafiq , IEEE
James B.D. Joshi , IEEE Computer Society
Elisa Bertino , IEEE
Arif Ghafoor , IEEE
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous Role-Based Access Control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.
Index Terms- Secure interoperation, policy integration, Role-Based Access Control (RBAC), multidomain.
B. Shafiq, J. B. Joshi, A. Ghafoor and E. Bertino, "Secure Interoperation in a Multidomain Environment Employing RBAC Policies," in IEEE Transactions on Knowledge & Data Engineering, vol. 17, no. , pp. 1557-1577, 2005.