Approaches to access control policy comparison and the inter-domain role mapping problem

  • Hong Xiang, Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education, China
  • Xiaofeng Xia, Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education, China
  • Haibo Hu, School of Software Engineering, Chongqing University, China
  • Sheng Wang, Department of Information and Communication Security and Technology, Sichuan Electric Power Research Institute, China
  • Jun Sang, School of Software Engineering, Chongqing University, China
  • Chunxiao Ye, Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education, China
Keywords: abduction, role mapping, access control policy comparison, equivalent access, collaboration model

Abstract

As organizations develop, they need to collaborate with other organizations so that they can share resources to perform common tasks. Different organizational domains use different access control models to protect their resources from unauthorized access. Organizational collaboration is an important goal for distributed computing paradigms, but policy inconsistencies between domains cause problems in a collaboration model, in addition to the problems involved in constructing the collaboration model itself. These problems give rise to the two challenges that motivate the research presented here: (1) the construction of a collaboration model across multiple domains protected by different access control models; and (2) ensuring that the access control policy used by a participating domain contains no inconsistencies. We also present our new approach to solving the inter-domain role mapping (IDRM) problem, i.e., determining the minimal role set that covers the permissions requested from a collaborating domain. Finally, we analyse our algorithms, present the results of our tests, and compare our results with those of existing approaches.

DOI: http://dx.doi.org/10.5755/j01.itc.45.3.13187

Published: 2016-09-27

Section: Articles