Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Full text

Pdf (414 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the eleventh ACM symposium on Access control models and technologies table of contents

Lake Tahoe, California, USA

SESSION: Information sharing table of contents

Pages: 228 - 236

Year of Publication: 2006

ISBN:1-59593-353-0

Authors

Siqing Du	University of Pittsburgh, Pittsburgh, PA
James B. D. Joshi	University of Pittsburgh, Pittsburgh, PA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 58, Citation Count: 4

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1133058.1133090 What is a DOI?

ABSTRACT

The role hierarchy is one of the most distinguished features of an RBAC approach to securing large systems as it facilitates efficient administration of permissions. However, the role hierarchy as defined in the currently standardized RBAC model has limitations in capturing generic policy requirements such as separation of duty, time-based and cardinality constraints. To address such limitations, permission inheritance and activation inheritance semantics have been introduced to define three different types of role hierarchies. In presence of a hybrid hierarchy that allows all the three types of hierarchies to coexist, the overall hierarchy administration problem becomes quite complex. A key problem is to efficiently handle authorization queries to decide whether a user's request to activate a set of roles should be granted. A hybrid hierarchy also makes the problem of mapping a request for a set of permissions to a minimal set of roles difficult. Such a mapping is crucial in multidomain environments where different security domains have to establish and engage in secure interoperation by first mapping their security policies. In this paper, we investigate these two problems and present solutions that are efficient and practical.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Joachim Biskup , Ulrich Flegel , Yücel Karabulut, Secure Mediation: Requirements and Design, Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects, p.127-140, July 15-17, 1998
	2	Piero A. Bonatti , Maria Luisa Sapino , V. S. Subrahmanian, Merging Heterogeneous Security Orderings, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.183-197, September 25-27, 1996
	3	Chandran, S.M., Joshi, J.B.D. Towards Administration of a Hybrid Role Hierarchy, IEEE International Conference on Information Reuse and Integration, 2005.
	4	Thomas T. Cormen , Charles E. Leiserson , Ronald L. Rivest, Introduction to algorithms, MIT Press, Cambridge, MA, 1990
	5	Steven Dawson , Shelly Qian , Pierangela Samarati, Providing Security and Interoperation of HeterogeneousSystems, Distributed and Parallel Databases, v.8 n.1, p.119-145, Jan. 2000 [doi>10.1023/A:1008787317852]
	6	Ferraiolo, D. F., Gilbert, D. M., Lynch, N. An Examination of Federal and Commercial Access Control Policy Needs, NISTNCSC National Computer Security,1993, 107--116.
	7	Ferraiolo, D.F, Kuhn, D.R. Role Based Access Control. 15th National Computer Security Conference, 1992.
	8	Li Gong , Xiaolei Qian, Computational Issues in Secure Interoperation, IEEE Transactions on Software Engineering, v.22 n.1, p.43-52, January 1996 [doi>10.1109/32.481533]
	9	Johnson, D.S., Approximation algorithms for combinatorial problems. J. Comput. System Sci. 9, 1974. 256--278.
	10	James B. D. Joshi , Walid G. Aref , Arif Ghafoor , Eugene H. Spafford, Security models for web-based applications, Communications of the ACM, v.44 n.2, p.38-44, Feb. 2001 [doi>10.1145/359205.359224]
	11	James B D Joshi , Elisa Bertino , Arif Ghafoor, Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507724]
	12	James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005 [doi>10.1109/TKDE.2005.1]
	13	Joshi, J.B.D., Bertino, E., Ghafoor, A. Formal Foundation for Hybrid Hierarchies in GTRBAC. ACM Transactions on Information and System Security. (revised submission).
	14	James B. D. Joshi , Elisa Bertino , Arif Ghafoor, An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.157-175, April 2005 [doi>10.1109/TDSC.2005.18]
	15	Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000 [doi>10.1145/354876.354878]
	16	Smithi Piromruen , James B. D. Joshi, An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environments, Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems, p.36-48, February 02-04, 2005 [doi>10.1109/WORDS.2005.18]
	17	Ravi S. Sandhu, Role Hierarchies and Constraints for Lattice-Based Access Controls, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.65-79, September 25-27, 1996
	18	Sandip Sen, Minimal cost set covering using probabilistic methods, Proceedings of the 1993 ACM/SIGAPP symposium on Applied computing: states of the art and practice, p.157-164, February 14-16, 1993, Indianapolis, Indiana, United States [doi>10.1145/162754.162852]
	19	Basit Shafiq , James B. D. Joshi , Elisa Bertino , Arif Ghafoor, Secure Interoperation in a Multidomain Environment Employing RBAC Policies, IEEE Transactions on Knowledge and Data Engineering, v.17 n.11, p.1557-1577, November 2005 [doi>10.1109/TKDE.2005.185]
	20	Mohamed Shehab , Elisa Bertino , Arif Ghafoor, SERAT: SEcure role mApping technique for decentralized secure interoperability, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden [doi>10.1145/1063979.1064007]

CITED BY 4

	Liang Chen , Jason Crampton, Inter-domain role mapping and least privilege, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Paul El Khoury , Emmanuel Coquery , Mohand-Said Hacid, Consistency checking of role assignments in inter-organizational collaboration, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California
	Yue Zhang , James B. D. Joshi, UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Guneshi T. Wickramaarachchi , Wahbeh H. Qardaji , Ninghui Li, An efficient framework for user authorization queries in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy