Separation of Duty in Dynamic Role Translations Between Administrative Domains

Secure interaction and interoperability between two or more administrative domains is a major concern. Kapadia et al. proposed the IRBAC 2000 model, which can be used to accomplish flexibly dynamic inter-domain role translations. However, in the IRBAC 2000 model, separation of duties is not considered, which is one of three basic security principles supported by the RBAC model, and enforced by statically mutually exclusive role constraints. Therefore, in this paper, the scenarios where dynamic role translations violate statically mutually exclusive role constraints are analyzed in detail, an approach to check the security problem is provided, and a protective mechanism utilizing prerequisite conditions to enforce the security of the IRBAC 2000 model is proposed.