Separation of Duty in Dynamic Role Translations Between Administrative Domains

Liao Junguo; Hong Fan; Zhu Xian; Xiao Haijun

Journal of Computer Research and Development > 2006 > 43(6): 1065-1070.

Liao Junguo, Hong Fan, Zhu Xian, Xiao Haijun. Separation of Duty in Dynamic Role Translations Between Administrative Domains[J]. Journal of Computer Research and Development, 2006, 43(6): 1065-1070.

Citation:

PDF (388 KB)

Separation of Duty in Dynamic Role Translations Between Administrative Domains

1(College of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan 430074) 2(School of Computer Science & Engineering, Hunan University of Science & Technology, Xiangtan 411201)

More Information

Published Date: June 14, 2006

Graphical Abstract

Abstract

Abstract

Secure interaction and interoperability between two or more administrative domains is a major concern. Kapadia et al. proposed the IRBAC 2000 model, which can be used to accomplish flexibly dynamic inter-domain role translations. However, in the IRBAC 2000 model, separation of duties is not considered, which is one of three basic security principles supported by the RBAC model, and enforced by statically mutually exclusive role constraints. Therefore, in this paper, the scenarios where dynamic role translations violate statically mutually exclusive role constraints are analyzed in detail, an approach to check the security problem is provided, and a protective mechanism utilizing prerequisite conditions to enforce the security of the IRBAC 2000 model is proposed.
- IRBAC 2000 model,
- dynamic role translation,
- mutually exclusive roles,
- prerequisite conditions

FullText(HTML)

References (0)

[1]	Xu He, Wu Di, Lu Jiwu, Li Renfa. An Intrusion Detection Algorithm and Its Hardware Acceleration for CAN in Vehicles[J]. Journal of Computer Research and Development, 2023, 60(12): 2783-2796. DOI: 10.7544/issn1000-1239.202220035
[2]	Yin Shenglin, Zhang Xinglan, Zuo Liyu. Intrusion Detection System for Dual Route Deep Capsule Network[J]. Journal of Computer Research and Development, 2022, 59(2): 418-429. DOI: 10.7544/issn1000-1239.20200825
[3]	Ren Jiadong, Liu Xinqian, Wang Qian, He Haitao, Zhao Xiaolin. An Multi-Level Intrusion Detection Method Based on KNN Outlier Detection and Random Forests[J]. Journal of Computer Research and Development, 2019, 56(3): 566-575. DOI: 10.7544/issn1000-1239.2019.20180063
[4]	Shi Shengfei, Zhang Wei, Li Jianzhong. A Complex Event Detection Algorithm Based on Correlation Analysis[J]. Journal of Computer Research and Development, 2014, 51(8): 1871-1879. DOI: 10.7544/issn1000-1239.2014.20120813
[5]	Wang Qi'an and Chen Bing. Intrusion Detection System Using CVM Algorithm with Extensive Kernel Methods[J]. Journal of Computer Research and Development, 2012, 49(5): 974-982.
[6]	Mao Guojun and Zong Dongjun. An Intrusion Detection Model Based on Mining Multi-Dimension Data Streams[J]. Journal of Computer Research and Development, 2009, 46(4): 602-609.
[7]	Li Qinghua and Zhao Feng. The PBL Method: A Novel Parallel Error Detection Method for Intrusion Tolerance Systems[J]. Journal of Computer Research and Development, 2006, 43(8): 1411-1416.
[8]	Yang Wu, Yun Xiaochun, Li Jianhua. An Efficient Approach to Intrusion Detection Based on Boosting Rule Learning[J]. Journal of Computer Research and Development, 2006, 43(7): 1252-1259.
[9]	Mu Chengpo, Huang Houkuan, and Tian Shengfeng. A Survey of Intrusion-Detection Alert Aggregation and Correlation Techniques[J]. Journal of Computer Research and Development, 2006, 43(1): 1-8.
[10]	Wang Jin, Li Dequan, and Feng Dengguo. An Autonomous Agent-Based Adaptive Distributed Intrusion Detection System[J]. Journal of Computer Research and Development, 2005, 42(11): 1934-1939.