Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Authors:
Siqing Du;James B. D. Joshi
Affiliations:
University of Pittsburgh, Pittsburgh, PA;University of Pittsburgh, Pittsburgh, PA
Venue:
Proceedings of the eleventh ACM symposium on Access control models and technologies
Year:
2006

Citing 16
Cited 13

Introduction to algorithms

Introduction to algorithms
Minimal cost set covering using probabilistic methods

SAC '93 Proceedings of the 1993 ACM/SIGAPP symposium on Applied computing: states of the art and practice
Computational Issues in Secure Interoperation

IEEE Transactions on Software Engineering
Providing Security and Interoperation of HeterogeneousSystems

Distributed and Parallel Databases - Security of data and transaction processing
Configuring role-based access control to enforce mandatory and discretionary access control policies

ACM Transactions on Information and System Security (TISSEC)
Security models for web-based applications

Communications of the ACM
Temporal hierarchies and inheritance semantics for GTRBAC

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Secure Mediation: Requirements and Design

Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Merging Heterogeneous Security Orderings

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Role Hierarchies and Constraints for Lattice-Based Access Controls

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
SERAT: SEcure role mApping technique for decentralized secure interoperability

Proceedings of the tenth ACM symposium on Access control models and technologies
An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Dependable and Secure Computing
An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environments

WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Secure Interoperation in a Multidomain Environment Employing RBAC Policies

IEEE Transactions on Knowledge and Data Engineering
Formal foundations for hybrid hierarchies in GTRBAC

ACM Transactions on Information and System Security (TISSEC)

Inter-domain role mapping and least privilege

Proceedings of the 12th ACM symposium on Access control models and technologies
UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints

Proceedings of the 13th ACM symposium on Access control models and technologies
Consistency checking of role assignments in inter-organizational collaboration

SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
An efficient framework for user authorization queries in RBAC systems

Proceedings of the 14th ACM symposium on Access control models and technologies
Establishing RBAC-based secure interoperability in decentralized multi-domain environments

ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Mediator-free secure policy interoperation of exclusively-trusted multiple domains

ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Role updating for assignments

Proceedings of the 15th ACM symposium on Access control models and technologies
Set covering problems in role-based access control

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A secure collaboration service for dynamic virtual organizations

Information Sciences: an International Journal
An interoperation framework for secure collaboration among organizations

Proceedings of the 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS
RAR: A role-and-risk based flexible framework for secure collaboration

Future Generation Computer Systems
xDAuth: a scalable and lightweight framework for cross domain access control and delegation

Proceedings of the 16th ACM symposium on Access control models and technologies
Mitigating the intractability of the user authorization query problem in role-based access control (RBAC)

NSS'12 Proceedings of the 6th international conference on Network and System Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The role hierarchy is one of the most distinguished features of an RBAC approach to securing large systems as it facilitates efficient administration of permissions. However, the role hierarchy as defined in the currently standardized RBAC model has limitations in capturing generic policy requirements such as separation of duty, time-based and cardinality constraints. To address such limitations, permission inheritance and activation inheritance semantics have been introduced to define three different types of role hierarchies. In presence of a hybrid hierarchy that allows all the three types of hierarchies to coexist, the overall hierarchy administration problem becomes quite complex. A key problem is to efficiently handle authorization queries to decide whether a user's request to activate a set of roles should be granted. A hybrid hierarchy also makes the problem of mapping a request for a set of permissions to a minimal set of roles difficult. Such a mapping is crucial in multidomain environments where different security domains have to establish and engage in secure interoperation by first mapping their security policies. In this paper, we investigate these two problems and present solutions that are efficient and practical.