Security Violation Detection for RBAC Based Interoperation in Distributed Environment

Xinyu WANG  Jianling SUN  Xiaohu YANG  Chao HUANG  Di WU  

IEICE TRANSACTIONS on Information and Systems   Vol.E91-D   No.5   pp.1447-1456
Publication Date: 2008/05/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e91-d.5.1447
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Access Control
Keywords: RBAC, interoperation, distributed environment, security violation

This paper proposes a security violation detection method for RBAC-based interoperation to meet the requirements of secure interoperation among distributed systems. We use role mappings between RBAC systems to implement trans-system access control, analyze the security violations that interoperation with role mappings can cause, and formalize definitions of secure interoperation. A minimum detection method, based on the features of RBAC systems in a distributed environment, is introduced in detail. This method reduces complexity by decreasing the number of roles involved in detection. Finally, we analyze security violations further, based on the minimum detection method, to help administrators eliminate them.