Separation of Duty in Dynamic Role Translations Between Administrative Domains

Liao Junguo; Hong Fan; Zhu Xian; Xiao Haijun

Journal of Computer Research and Development > 2006 > 43(6): 1065-1070.

Liao Junguo, Hong Fan, Zhu Xian, Xiao Haijun. Separation of Duty in Dynamic Role Translations Between Administrative Domains[J]. Journal of Computer Research and Development, 2006, 43(6): 1065-1070.

Citation:

PDF (388 KB)

Separation of Duty in Dynamic Role Translations Between Administrative Domains

1(College of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan 430074) 2(School of Computer Science & Engineering, Hunan University of Science & Technology, Xiangtan 411201)

More Information

Published Date: June 14, 2006

Graphical Abstract

Abstract

Abstract

Secure interaction and interoperability between two or more administrative domains is a major concern. Kapadia et al. proposed the IRBAC 2000 model, which can be used to accomplish flexibly dynamic inter-domain role translations. However, in the IRBAC 2000 model, separation of duties is not considered, which is one of three basic security principles supported by the RBAC model, and enforced by statically mutually exclusive role constraints. Therefore, in this paper, the scenarios where dynamic role translations violate statically mutually exclusive role constraints are analyzed in detail, an approach to check the security problem is provided, and a protective mechanism utilizing prerequisite conditions to enforce the security of the IRBAC 2000 model is proposed.
- IRBAC 2000 model,
- dynamic role translation,
- mutually exclusive roles,
- prerequisite conditions

FullText(HTML)

References (0)

[1]	Chen Zhiqiang, Zhou Hongwei, Feng Quanyou, Deng Rangyu. Design and Implementation of Configurable Cache Coherence Protocol for Multi-Core Processor[J]. Journal of Computer Research and Development, 2021, 58(6): 1166-1175. DOI: 10.7544/issn1000-1239.2021.20210174
[2]	Hou Pengpeng, Zhang Heng, Wu Yanjun, Yu Jiageng, Tai Yang, Miao Yuxia. Kernel Configuration Infographic Based on Multi-Label and Its Application[J]. Journal of Computer Research and Development, 2021, 58(3): 651-667. DOI: 10.7544/issn1000-1239.2021.20200186
[3]	Wang Tao, Chen Wei, Li Juan, Liu Shaohua, Su Lingang, Zhang Wenbo. Association Mining Based Consistent Service Configuration[J]. Journal of Computer Research and Development, 2020, 57(1): 188-201. DOI: 10.7544/issn1000-1239.2020.20190079
[4]	Wu Weiguo, Wang Chaohui, Wang Jinyu, Nie Shiqiang, Hu Zhuang. MH-RLE: A Compression Algorithm for Dynamic Reconfigurable System Configuration Files Based on Run-Length Coding[J]. Journal of Computer Research and Development, 2018, 55(5): 1049-1064. DOI: 10.7544/issn1000-1239.2018.20170015
[5]	Shen Jianliang, Li Sikun, Liu Lei, Wang Guanwu, Wang Xin, Liu Qinrang. Hierarchical Configuration Memory Design for Coarse-Grained Reconfigurable SoC[J]. Journal of Computer Research and Development, 2017, 54(5): 1121-1129. DOI: 10.7544/issn1000-1239.2017.20150889
[6]	Wang Cong, Yuan Ying, Peng Sancheng, Wang Xingwei, Wang Cuirong, Wan Cong. Fair Virtual Network Embedding Algorithm with Topology Pre-Configuration[J]. Journal of Computer Research and Development, 2017, 54(1): 212-220. DOI: 10.7544/issn1000-1239.2017.20150785
[7]	Li Yong, Wang Zhiying, Zhao Xuemi, and Yue Hong. Design of Application Specific Instruction-Set Processors Directed by Configuration Stream Driven Computing Architecture[J]. Journal of Computer Research and Development, 2007, 44(4): 714-721.
[8]	Fan Yibo, Zeng Xiaoyang, and Yu Yu. VLSI Design of a High-Speed RSA Crypto-Coprocessor with Reconfigurable Architecture[J]. Journal of Computer Research and Development, 2006, 43(6): 1076-1082.
[9]	Gu Haiyun, Li Li, Xu Juyan, Gao Minglun. Lossless Configuration Bitstream Compression for Virtex FPGAs[J]. Journal of Computer Research and Development, 2006, 43(5): 940-945.
[10]	Tian Junfeng, Liu Yuling, Du Ruizhong. The Model and Adaptive Configuration Management Strategy for a Distributed Database Server System[J]. Journal of Computer Research and Development, 2005, 42(1): 126-133.