Affiliation:
1. Zhejiang Normal University
Abstract
Role mapping is a basic technique for facilitating interoperation in RBAC-based collaborating environments. However, role mapping lacks the flexibility to specify access control policies in the scenarios where the access control is not a simple action, but consists of a sequence of actions and events from subjects and system. In this paper, we propose an attribute mapping technique to establish secure context in multi-domain environments. We first classify attributes into eight types and show that only two types of attributes need to be translated. We second give the definition of attribute mapping technique, and analysis the properties of attribute mapping. Finally, we study how cardinality constraint violation arises and shows that it is efficient to resolve this security violation.
Publisher
Trans Tech Publications, Ltd.
Reference10 articles.
1. H. Huang, H. Kirchne, Secure interoperation design in multi-domains environments based on colored Petri nets. International Journal of Information Sciences, Volume 221, February, 2013, pp.591-606.
2. D. Basin, S. J. Burri, G. Karjoth, Dynamic enforcement of abstract separation of duty constraints. ACM Transactions on Information and System Security, Vol. 15, Issue 3, 2012, pp.30-50.
3. J. Hu, R. Li, Z. Lu, J. Lu, X. Ma, RAR: A role-and-risk based flexible framework for secure collaboration. Future Generation Computer System, vol. 27, no. 5, 2011, pp.574-586.
4. A. Kapadia , J. Al-Muhtadi , R. Campbell , et al, IRBAC2000 : Secure interoperability using dynamic role translation. University of Illinois, Technical Report: UIUCDCS-R-2000-2162, (2000).
5. J. Hu, R. Li,Z. Lu, On Role Mappings for RBAC-based Secure Interoperation. Proc. 3rd International Conference on Network and System Security, Gold Coast, Queensland, Australia, October, 2009, pp.270-277.