Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition

Zhai Zhengde, Xu Zhen, and Feng Dengguo

Journal of Computer Research and Development > 2008 > 45(4): 677-683.

Zhai Zhengde, Xu Zhen, and Feng Dengguo. Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition[J]. Journal of Computer Research and Development, 2008, 45(4): 677-683.

Citation:

Zhai Zhengde, Xu Zhen, and Feng Dengguo. Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition[J]. Journal of Computer Research and Development, 2008, 45(4): 677-683.

Citation:

Zhai Zhengde, Xu Zhen, and Feng Dengguo. Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition[J]. Journal of Computer Research and Development, 2008, 45(4): 677-683.

PDF (407 KB)

Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition

Zhai Zhengde, Xu Zhen, and Feng Dengguo

(State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080)

More Information

Published Date: April 14, 2008

Graphical Abstract

Abstract

Abstract

Secure interoperation is a crucial technique for cross-domain resource sharing and protection. In the IRBAC2000 model, Kapadia proposes role association and dynamic role translation, through which secure interoperation can be accomplished in a very flexible way. The fact that the model can cause violations of static mutual exclusive role (SMER) constraints is firstly discovered by Liao Junguo et al, the reason for which is also analyzed. A detection algorithm for SMER violations and prerequisite conditions for adding new role associations are also presented. In the paper, it is firstly made clear that Liao's assertion about the reason of constraint violations is only partial and thus violations can not be totally prohibited. It is also clarified that under the circumstance of given role associations the inappropriate user/role assignments in other domains are the real reason behind. Then the necessary and sufficient condition for SMER violation is proposed and a corresponding algorithm for violation detection is presented. Because both new role associations and new user/role assignments can cause SMER violation, prerequisite conditions for adding them are subsequently proposed, which can ensure that the SMER constraints are always enforced during the state transitions of the model.
- secure interoperation,
- dynamic role translation,
- role association,
- static mutual exclusive role,
- constraint violation

FullText(HTML)

References (0)

[1]	Yu Tingting, Li Chao, Wang Boxiang, Chen Rui, Jiang Yunsong. Atomicity Violation Detection for Interrupt-Driven Aerospace Embedded Software[J]. Journal of Computer Research and Development, 2023, 60(2): 294-310. DOI: 10.7544/issn1000-1239.202220908
[2]	Zhai Zhigang, Wang Jiandong, Cao Zining, Mao Yuguang. Hybrid Role Mining Methods with Minimal Perturbation[J]. Journal of Computer Research and Development, 2013, 50(5): 951-960.
[3]	Ma Yuchi, Yang Ning, Xie Lin, Li Chuan, and Tang Changjie. Social Roles Discovery of Moving Objects Based on Spatial-Temporal Associated Semantics and Temporal Entropy of Trajectories[J]. Journal of Computer Research and Development, 2012, 49(10): 2153-2160.
[4]	Liu Meng, Wang Xuan, Huang Hejiao, Zhao Hainan, Zhang Jiajia. A Detection Model Based on Petri Nets of SMER Constraints Violation in Dynamic Role Translation[J]. Journal of Computer Research and Development, 2012, 49(9): 1991-1998.
[5]	Wang Hongbing, Fan Zhihua, and She Chundong. Dynamic Role Assignment for Multi-Agent System with Parallel Constraints Among Goals[J]. Journal of Computer Research and Development, 2007, 44(4): 693-700.
[6]	Liao Junguo, Hong Fan, Zhu Xian, Xiao Haijun. Separation of Duty in Dynamic Role Translations Between Administrative Domains[J]. Journal of Computer Research and Development, 2006, 43(6): 1065-1070.
[7]	Xu Guihong, Zhang Jian. Constraint-Based Termination Analysis of Active Rules[J]. Journal of Computer Research and Development, 2006, 43(5): 894-900.
[8]	Ji Xiaohui, Zhang Jian. An Efficient and Complete Method for Solving Mixed Constraints[J]. Journal of Computer Research and Development, 2006, 43(3): 551-556.
[9]	Xing Guanglin and Hong Fan. A Workflow Authorization Model Based on Role and Task and Constraints Specification[J]. Journal of Computer Research and Development, 2005, 42(11): 1946-1953.
[10]	Long Qin, Liu Peng, Pan Aimin. Research and Implementation of an Extended Administrative Role-Based Access Control Model[J]. Journal of Computer Research and Development, 2005, 42(5): 868-876.