Secure Mediation: Requirements and Design

Biskup, Joachim; Flegel, Ulrich; Karabulut, Yücel

doi:10.1007/978-0-387-35564-1_8

Cited by 11 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An important requirement of emerging system is to be able to share information with other systems [1,8,10]. When a system needs to allow previously unknown entities to access its resources, mechanisms should be in place to ensure that the accesses granted are limited to pre-defined sharing requirements.…”

Section: The Idrm Problemmentioning

confidence: 99%

Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Joshi

2006

Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies - SACMAT '06

View full text Add to dashboard Cite

The role hierarchy is one of the most distinguished features of an RBAC approach to securing large systems as it facilitates efficient administration of permissions. However, the role hierarchy as defined in the currently standardized RBAC model has limitations in capturing generic policy requirements such as separation of duty, time-based and cardinality constraints. To address such limitations, permission inheritance and activation inheritance semantics have been introduced to define three different types of role hierarchies. In presence of a hybrid hierarchy that allows all the three types of hierarchies to coexist, the overall hierarchy administration problem becomes quite complex. A key problem is to efficiently handle authorization queries to decide whether a user's request to activate a set of roles should be granted. A hybrid hierarchy also makes the problem of mapping a request for a set of permissions to a minimal set of roles difficult. Such a mapping is crucial in multidomain environments where different security domains have to establish and engage in secure interoperation by first mapping their security policies. In this paper, we investigate these two problems and present solutions that are efficient and practical.

show abstract

Section: The Idrm Problemmentioning

confidence: 99%

Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Joshi

2006

Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies - SACMAT '06

View full text Add to dashboard Cite

show abstract

“…Such features make · 1 RBAC better suited for handling access control requirements of diverse organizations. RBAC models have also been found suitable for addressing security issues in the Internet environment [Barkley et al 1997], , [Park et al 2001] and show promise for newer heterogeneous multi-domain environments that raise serious concerns related to access control across domain boundaries [Biskup et al 1998], ].…”

Section: Introductionmentioning

confidence: 99%

Formal foundations for hybrid hierarchies in GTRBAC

Joshi

Bertino

Ghafoor

et al. 2008

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

A role hierarchy defines semantics related to permission acquisitions and role activations through role-role relationships. It can be utilized for efficiently and effectively structuring functional roles of an organization having related access control needs. Temporal constraints on role enablings and role activations can have various implications on such a role hierarchy. The focus of this paper is the analysis of hybrid role hierarchies in the context of the Generalized Temporal Role Based Access Control (GTRBAC) model that allows specification of a comprehensive set of temporal constraints on role, user-role assignments and role-permission assignments. We introduce the notion of uniquely activable set (UAS) associated with a role hierarchy that indicates the access capabilities of a user resulting from his membership to a role in the hierarchy. Identifying such a role set is essential while making an authorization decision about whether or not a user should be allowed to activate a particular combination of roles in a single session. Furthermore, when separation-of-duty (SoD) constraints are present in the system, it is also essential to ensure that there are no role combinations that can be allowed to be activated in a single user session. In other words, knowledge about UAS can be used to facilitate enforcement of the principle of least privilege. Because of the separation of permission inheritance and role activation semantics in GTRBAC, a hybrid hierarchy that allows different hierarchy types to coexist, can give rise to a complex semantics and identifying what role combinations can be allowed to be activated in a session for a user may not be straight forward. We formally show how UAS can be determined for a hybrid hierarchy. Furthermore, within a hybrid hierarchy, various hierarchical relations may be derived between an arbitrary pair of roles. We present a set of inference rules that can be used to generate all the possible derived relations that can be inferred from a specified set of hierarchical relations and show that the set of these inference rules is sound and complete. Another key issue we address in this paper is that of the evolution of role hierarchies through hierarchical transformations. We present an analysis of hierarchy transformations with respect to role addition, deletion and partitioning, and show how various cases of these transformations allow the original permission acquisition and role activation semantics to be managed. The formal results presented here provide a basis for developing efficient security administration and management tools.

show abstract

“…A mediator manages queries on behalf of a user by identifying and addressing appropriate subqueries to heterogeneous and autonomous data sources and by subsequently collecting and integrating the returned answers. A previously reported approach to secure mediation [BFK99,BFK98] is based on a public-key infrastructure and cryptographically signed credentials that encode the eligibility of users. These technologies potentially provide for an inherently scalable and secure mechanism for widely distributing assured authentication and authorization attributes.…”

Section: Introductionmentioning

confidence: 99%

“…These technologies potentially provide for an inherently scalable and secure mechanism for widely distributing assured authentication and authorization attributes. Secure mediation is roughly outlined as follows [BFK99,BFK98]. A user submits evidence of being eligible for seeing the answer to a query by submitting certified personal authorization attributes which are encoded in credentials.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Architecture of The Multimedia Mediator

Altenschmidt

Biskup

Karabulut

2002

Data and Application Security

Self Cite

View full text Add to dashboard Cite

Mediation is a powerful paradigm for advanced interoperable information systems. This paper presents the security module of the multimedia mediator which enforces a previously reported approach to secure mediation. In this approach, a user submits cryptographically signed credentials containing both personal authorization attributes and his public encryption key, and data sources decide on the query access on the basis of shown personal authorization attributes and return encrypted answers. The security module uniformly represents the query access authorizations of the sources, controls the intermediate usage of credentials, assists users in submitting appropriate credentials, selects and forwards credentials for subqueries, and exploits credentials for query optimization.

show abstract

Secure Mediation: Requirements and Design

Cited by 11 publications

References 23 publications

Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy

Formal foundations for hybrid hierarchies in GTRBAC

Security Architecture of The Multimedia Mediator

Contact Info

Product

Resources

About