Violation of Static Mutual Exclusive Role Constraints in Dynamic Role Transition
-
Graphical Abstract
-
Abstract
Secure interoperation is a crucial technique for cross-domain resource sharing and protection. In the IRBAC2000 model, Kapadia proposes role association and dynamic role translation, through which secure interoperation can be accomplished in a very flexible way. The fact that the model can cause violations of static mutual exclusive role (SMER) constraints is firstly discovered by Liao Junguo et al, the reason for which is also analyzed. A detection algorithm for SMER violations and prerequisite conditions for adding new role associations are also presented. In the paper, it is firstly made clear that Liao's assertion about the reason of constraint violations is only partial and thus violations can not be totally prohibited. It is also clarified that under the circumstance of given role associations the inappropriate user/role assignments in other domains are the real reason behind. Then the necessary and sufficient condition for SMER violation is proposed and a corresponding algorithm for violation detection is presented. Because both new role associations and new user/role assignments can cause SMER violation, prerequisite conditions for adding them are subsequently proposed, which can ensure that the SMER constraints are always enforced during the state transitions of the model.
-
-