Role-Based Access Control Models
Computer
Computational Issues in Secure Interoperation
IEEE Transactions on Software Engineering
Providing Security and Interoperation of HeterogeneousSystems
Distributed and Parallel Databases - Security of data and transaction processing
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Role-Based Access Control
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
Peer-to-peer access control architecture using trusted computing technology
Proceedings of the tenth ACM symposium on Access control models and technologies
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
Secure collaboration in mediator-free environments
Proceedings of the 12th ACM conference on Computer and communications security
Hi-index | 0.00 |
When domains employing heterogeneous RBAC policies collaborate by crossdomain role-role mappings, their local Separation of Duty constraints face the risk of breaching. We present the requirements for constraint-secure interoperation, to prohibit implicit authorizations that break constraints from other member domains, and propose a trust-based framework to ensure constraint-secure interoperation. The framework introduces cross-domain migration and remote assurance of constraints between mutually trusted domains to maximize interoperability, while ensuring separation of constraints between distrusted domains to minimize security risk. Specifically, we use a bitmap-based history-recording mechanism for member domains to analyze the interplay among innerdomain role hierarchies, crossdomain mappings and constraints. Algorithms of a fully distributed implementation, security proofs and illustrative usage cases for the proposed solution are provided.