Title :
Secure interoperation in a multidomain environment employing RBAC policies
Author :
Shafiq, Basit ; Joshi, James B.D. ; Bertino, Elisa ; Ghafoor, Arif
Author_Institution :
Sch. of Electr. & Comput. Eng., Purdue Univ., West Lafayette, IN, USA
Abstract :
Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous role-based access control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.
Keywords :
Internet; authorisation; integer programming; open systems; Internet-based enterprise; heterogeneous role-based access control; integer programming; multidomain application environment; optimality criterion; policy integration framework; secure interoperation; Access control; Application software; Collaboration; Computer Society; Data security; Information security; Internet; Merging; Multilevel systems; Resource management; Index Terms- Secure interoperation; Role-Based Access Control (RBAC); multidomain.; policy integration;
Journal_Title :
Knowledge and Data Engineering, IEEE Transactions on
DOI :
10.1109/TKDE.2005.185
