ISSN : 1796-203X
Volume : 4    Issue : 9    Date : September 2009

Trust-Based Constraint-Secure Interoperation for Dynamic Mediator-Free Collaboration
Lingli Deng, Ziyao Xu, and Yeping He
Page(s): 862-872
Through collaboration, domains share resources effectively. Maintaining the security properties of
individual domains during collaboration is a key issue. When domains employing heterogeneous RBAC
policies collaborate via cross-domain role-role mappings, their locally defined separation of duty
constraints risk being breached. We present the requirements for constraint-secure
interoperation, which prohibits implicit authorizations that break constraints from other member
domains. We propose a trust-based framework to implement constraint-secure interoperation with
differential trust relations between member pairs in open collaborative scenarios. The framework
introduces cross-domain migration and remote assurance of constraints to maximize
interoperability between mutually trusted domains, and ensures separation of constraint conflicts to
minimize security risk between distrusted domains. We provide algorithms for a fully distributed
implementation, security proofs, and demonstrative usage cases for the proposed solution.

Index Terms
Secure Collaboration, RBAC, Separation of Duty, Statically Mutual Exclusive Roles