Separation of Duty in Trust-Based Collaboration

Authors:
Lingli Deng;Yeping He;Ziyao Xu
Affiliations:
Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China 100190 and Graduate School, Chinese Academy of Sciences, Beijing, P.R.China 100049;Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China 100190;Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China 100190 and Graduate School, Chinese Academy of Sciences, Beijing, P.R.China 100049
Venue:
Information Security and Cryptology
Year:
2009

Citing 10
Cited 0

Role-Based Access Control Models

Computer
Computational Issues in Secure Interoperation

IEEE Transactions on Software Engineering
Providing Security and Interoperation of HeterogeneousSystems

Distributed and Parallel Databases - Security of data and transaction processing
Configuring role-based access control to enforce mandatory and discretionary access control policies

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Role-Based Access Control

Role-Based Access Control
On mutually-exclusive roles and separation of duty

Proceedings of the 11th ACM conference on Computer and communications security
Peer-to-peer access control architecture using trusted computing technology

Proceedings of the tenth ACM symposium on Access control models and technologies
Secure Interoperation in a Multidomain Environment Employing RBAC Policies

IEEE Transactions on Knowledge and Data Engineering
Secure collaboration in mediator-free environments

Proceedings of the 12th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

When domains employing heterogeneous RBAC policies collaborate by crossdomain role-role mappings, their local Separation of Duty constraints face the risk of breaching. We present the requirements for constraint-secure interoperation, to prohibit implicit authorizations that break constraints from other member domains, and propose a trust-based framework to ensure constraint-secure interoperation. The framework introduces cross-domain migration and remote assurance of constraints between mutually trusted domains to maximize interoperability, while ensuring separation of constraints between distrusted domains to minimize security risk. Specifically, we use a bitmap-based history-recording mechanism for member domains to analyze the interplay among innerdomain role hierarchies, crossdomain mappings and constraints. Algorithms of a fully distributed implementation, security proofs and illustrative usage cases for the proposed solution are provided.