Smatch Model: Extending RBAC Sessions in Virtualization Environment

Abstract

This paper extends RBAC sessions with share ability, reusability and switch ability properties. We define the Smatch (Secure Management of switch) model in which authorized users can join, leave, reopen and reuse dynamic sessions. In Smatch, subjects can also share sessions and dynamically switch their role or function with other subjects from the same or die rent organizations. Subjects can authenticate using their function which will automatically activate the set of roles associated with this function. The Smatch model is based on first order logic with actions. It provides means to specify contextual access control and authentication policies which apply to control functional behavior of dynamic sessions. We suggest an implementation of Smatch using virtual machines.