Inconsistency Resolution Method for RBAC Based Interoperation

Chao HUANG  Jianling SUN  Xinyu WANG  Di WU  

IEICE TRANSACTIONS on Information and Systems   Vol.E93-D   No.5   pp.1070-1079
Publication Date: 2010/05/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.1070
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Keywords: role based access control, security inconsistency, role mapping, inconsistency detection, inconsistency resolution

In this paper, we propose an inconsistency resolution method based on a new concept, insecure backtracking role mapping. By analyzing the role graph, we prove that the root cause of security inconsistency in distributed interoperation is the existence of insecure backtracking role mapping. We propose a novel and efficient algorithm to detect the inconsistency via finding all of the insecure backtracking role mappings. Our detection algorithm will not only report the existence of inconsistency, but also generate the inconsistency information for the resolution. We reduce the inconsistency resolution problem to the known Minimum-Cut problem, and based on the results generated by our detection algorithm we propose an inconsistency resolution algorithm which could guarantee the security of distributed interoperation. We demonstrate the effectiveness of our approach through simulated tests and a case study.