Integrating Trust and Role for Secure Interoperation in Multi-Domain Environment

Author

Lu, Jianfeng ; Li, Ruixuan ; Lu, Zhengding ; Li, Bing

Author_Institution

Huazhong Univ. of Sci. & Technol., Wuhan

fYear

2008

fDate

24-26 April 2008

Firstpage

77

Lastpage

82

Abstract

Traditional access control disciplines such as RBAC has difficulty in covering open and decentralized multi-centric systems because it has focused on a closed system where all users are known and primarily utilizes a server-side reference monitor within the system. Trust management has relaxed this known user restriction and allowed authorize for strangers based on their credentials. However, trust management has also been found to be lacking because of certain inherent drawbacks with the notion of credential. In this work, a new access control model T&RBAC is presented in this paper. It integrates RBAC and TM. User can be assigned to local roles, also can be assigned to foreign roles based on his credential and local roles. We proof that there is no security constraints in T&RBAC. To some extends, T&RBAC is only a core model and can be extended for specific requirement.

Keywords

authorisation; decentralized multicentric systems; multidomain environment; role-based access control; secure interoperation; server-side reference monitor; trust management; user restriction; Access control; Collaborative work; Computer science; Control systems; Digital control; Distributed computing; Educational institutions; Environmental management; Information security; Open systems; Interoperation; Multi-Domain; RBAC; Trust Management;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Security and Assurance, 2008. ISA 2008. International Conference on

Conference_Location

Busan

Print_ISBN

978-0-7695-3126-7

Type

conf

DOI

10.1109/ISA.2008.30

Filename

4511538