RAR: A role-and-risk based flexible framework for secure collaboration

  • Authors:
  • Jinwei Hu;Ruixuan Li;Zhengding Lu;Jianfeng Lu;Xiaopu Ma

  • Affiliations:
  • -;-;-;-;-

  • Venue:
  • Future Generation Computer Systems
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

Collaboration among virtual organizations enables domains to effectively share resources. However, it also opens ways for several security and privacy breaches; the problem becomes severe along with the increasing complexity and dynamics of grid environments. As such, in this paper, we propose a flexible secure collaboration framework: called RAR (Role-And-Risk). We introduce the architecture of RAR, and two major components of RAR. The first component is for generating inter-domain role mappings (IDRM) as a basis for collaboration. We study the complexity of IDRM while taking the separation of duty constraints and administrative cost into account; it turns out to be intractable for most cases. RAR addresses IDRM related problems by reducing them to well-known problems (e.g., the satisfiability problem SAT), which have been studied for decades and various mature solvers exist in literature. On the other hand, to deal with the dynamics and uncertainty of distributed environments, we employ the notion of risk to monitor and manage the security threat induced by collaboration. RAR's flexibility lies in the tunable interoperability and the use of risk for timely monitoring users' accesses.