Security analysis and validation for access control in multi-domain environment based on risk

  • Authors:

  • Zhuo Tang;Shaohua Zhang;Kenli Li;Benming Feng

  • Affiliations:

  • School of Computer and Communications, Hunan University, Changsha;School of Computer and Communications, Hunan University, Changsha;School of Computer and Communications, Hunan University, Changsha;School of Computer and Communications, Hunan University, Changsha

  • Venue:
  • ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

Access control system is often described as a state transition system. Given a set of access control policies, a general safety requirement in such a system is to determine whether a desirable property is satisfied in all the reachable states. In this paper, we propose to use security analysis techniques to maintain desirable security properties in the Multi-domain Environment based on risk model (MD${\it R^2}$BAC). We give a precise definition of security analysis problems in MD${\it R^2}$BAC, which is more general than safety analysis that is studied in single-domain. We show the process of dynamic permission adjustment in multi-domain environment, and illustrate two classes of problems in the process which can be reduced to similar analysis in the RT[←,∩] role-based trust-management language, thereby establishing an interesting relationship between MD${\it R^2}$BAC and the RT framework. The reduction gives efficient algorithms for answering most kinds of queries in the two stages of dynamic adjustment permissions.