Title :
A Theory of Role Composition
Author :
Fischer, Jeffrey ; Majumdar, Rupak
Author_Institution :
Univ. of California, Los Angeles, CA
Abstract :
We study the access control integration problem for web services. Organizations frequently use many services, each with its own access control policies, which must interoperate while maintaining secure access to information. The integration problem is to take the set of such services and to find a globally consistent access control policy that ensures that the system composed from the services does not have any authorization failures or information disclosures. We give a sound and complete algorithm for access control integration by reducing the problem to Boolean constraint solving. We have implemented ROLEMATCHER, a tool to infer global role-based access control schemas for a set of services, and show on examples that it can quickly infer global roles for composed systems, or determine the absence of a globally consistent role schema.
Keywords :
Web services; authorisation; constraint handling; Boolean constraint solving; Web services; access control integration; role composition; Access control; Authorization; Data security; Error correction; Inference algorithms; Information security; Permission; Portals; System testing; Web services; access control; formal methods; web services;
Conference_Titel :
Web Services, 2008. ICWS '08. IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-0-7695-3310-0
Electronic_ISBN :
978-0-7695-3310-0
DOI :
10.1109/ICWS.2008.40
