An Approach for Trusted Interoperation in a Multidomain Environment

  • Yuqing Sun
  • Peng Pan
  • Xiangxu Meng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4158)


There are increasing requirements for interoperation among distributed multi-domain systems. The key challenge is how to balance security and collaboration. A novel approach is proposed in this paper to support the trusted interoperation. It introduces the notions of effect scope and life condition into role based access control model to restrict permission to be active only in proper environment. Partial inheritance of role hierarchy is presented to support the finely granular access rights as well as the verification algorithms are proposed to maintain security constraints consistent. As an example, XACML-based platform is provided to combine the existent systems for secure interoperation. Without compromising the collaboration, this approach can effectively enforce a layered security policy and can reduce the complexity of security management.


Security Policy Access Control Policy Access Control Model Role Base Access Control Verification Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Oh, S., Park, S.: Task-role-based Access Control Model. J. of Information System 28, 533–562 (2003)MATHCrossRefGoogle Scholar
  2. 2.
    Bertino, E., Bonatti, P.A.: TRBAC: A Temporal Role-Based Access Control Model. ACM Transaction on Information and System Security 4(3), 191–223 (2001)CrossRefGoogle Scholar
  3. 3.
    Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: Generalized Temporal Role Based Access Control Model (GTRBAC). IEEE Transaction on Knowledge and Data Engineering 17, 4–23 (2005)CrossRefGoogle Scholar
  4. 4.
    Gong, L., Qian, X.: Computational Issues in Secure Interoperation. IEEE Transaction on Software Engineering 22(1), 43–52 (1996)CrossRefGoogle Scholar
  5. 5.
    Bonatti, P., Di Vimercati, S.D.C., Samarati, P.: A Modular Approach to Composing Access Control Policies. In: 7th ACM Conference on Communications and Security, pp. 164–173 (2000)Google Scholar
  6. 6.
    Wijesekera, D., Jajodia, S.: A Propositional Policy Algebra for Access Control. ACM Transaction on Information and System Security 6(2), 286–325 (2003)CrossRefGoogle Scholar
  7. 7.
    Biskup, J., Wortmann, S.: Towards a Credential-Based Implementation of Compound Access Control Policies. In: Proc. of ACM SACMAT 2004, pp. 31–40 (2004)Google Scholar
  8. 8.
    Song, E., Reddy, R., France, R., Ray, I., Georg, G., A., R.: Verifiable Composition of Access Control and Application Features. In: Proc. of SACMAT 2005, Stockholm, pp. 120–129 (2005)Google Scholar
  9. 9.
    Shafiq, B., Joshi, J.B.D., Bertino, E., Ghafoor, A.: Secure Interoperation in a Multidomain Environment Employing RBAC Policies. IEEE Transaction on Knowledge and Data Engineering 17(11), 1557–1577 (2005)CrossRefGoogle Scholar
  10. 10.
    Ferraiolo, D.F., Gavrila, S., Hu, V., Kuhn, R., D.: Composing and Combining Policies under the Policy Machine. In: Proc. of ACM SACMAT 2005, Stockholm, pp. 11–20 (2005)Google Scholar
  11. 11.
    Park, J.S., Costello, K.P., Neven, T.M., Diosomito, J.A.: A Composite RBAC Approach for Large, Complex Organization. In: Proc. of ACM SACMAT 2004, pp. 163–171 (2004)Google Scholar
  12. 12.
    Sun, Y.Q., Meng, X.X., Liu, S.J., Pan, P.: Flexible Workflow Incorporated with RBAC. In: Shen, W.-m., Chao, K.-M., Lin, Z., Barthès, J.-P.A., James, A. (eds.) CSCWD 2005. LNCS, vol. 3865, pp. 525–534. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Sun, Y.Q., Pan, P.: PRES—A Practical Flexible RBAC Workflow System. In: Proc. of 7th International Conference on Electronic Commerce, pp. 653–658 (2005)Google Scholar
  14. 14.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Rose-Based Access Control Model. IEEE Computer 29(2), 38–47 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yuqing Sun
    • 1
  • Peng Pan
    • 1
  • Xiangxu Meng
    • 1
  1. 1.School of Computer Science & TechnologyShandong UniversityJinanP.R. China

Personalised recommendations