多域环境中的安全冲突避免:一种分布式方法

IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans Pub Date : 2021-09-01 DOI:10.1109/TSMC.2019.2954589

Benyuan Yang, Hesuan Hu

{"title":"多域环境中的安全冲突避免:一种分布式方法","authors":"Benyuan Yang, Hesuan Hu","doi":"10.1109/TSMC.2019.2954589","DOIUrl":null,"url":null,"abstract":"In a multidomain application environment, it is of paramount importance for different organizations to collaborate with each other to facilitate secure interoperation. However, various types of conflicts related to access control constraints may arise as a result of integrating access control policies for individual domains, such as role inheritance violations (RIVs) and separation of duty violations (SoDVs). Current methods solve the conflicts in a centralized way by withdrawing or removing all crossdomain relationships resulting in the violations with the knowledge of all domains. However, these methods are inappropriate for large-scale systems due to their high computational complexity. In this article, we propose a distributed approach to avoid secure conflicts in a multidomain environment. We first model the role inheritance hierarchies of multiple domains as an interoperation graph. We then develop RIVs and SoDVs avoidance algorithms based on the interoperation graph and the communications among different domains. Each domain can execute the algorithms autonomously and in real time by evaluating whether its succeeding activated role can result in RIVs and SoDVs. We show that the new algorithms perform well in contrast to the existing algorithms.","PeriodicalId":55007,"journal":{"name":"IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans","volume":"52 1","pages":"5478-5489"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Secure Conflicts Avoidance in Multidomain Environments: A Distributed Approach\",\"authors\":\"Benyuan Yang, Hesuan Hu\",\"doi\":\"10.1109/TSMC.2019.2954589\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In a multidomain application environment, it is of paramount importance for different organizations to collaborate with each other to facilitate secure interoperation. However, various types of conflicts related to access control constraints may arise as a result of integrating access control policies for individual domains, such as role inheritance violations (RIVs) and separation of duty violations (SoDVs). Current methods solve the conflicts in a centralized way by withdrawing or removing all crossdomain relationships resulting in the violations with the knowledge of all domains. However, these methods are inappropriate for large-scale systems due to their high computational complexity. In this article, we propose a distributed approach to avoid secure conflicts in a multidomain environment. We first model the role inheritance hierarchies of multiple domains as an interoperation graph. We then develop RIVs and SoDVs avoidance algorithms based on the interoperation graph and the communications among different domains. Each domain can execute the algorithms autonomously and in real time by evaluating whether its succeeding activated role can result in RIVs and SoDVs. We show that the new algorithms perform well in contrast to the existing algorithms.\",\"PeriodicalId\":55007,\"journal\":{\"name\":\"IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans\",\"volume\":\"52 1\",\"pages\":\"5478-5489\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TSMC.2019.2954589\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TSMC.2019.2954589","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

在多域应用程序环境中，不同组织之间相互协作以促进安全互操作是至关重要的。然而，与访问控制约束相关的各种类型的冲突可能会由于为单个域集成访问控制策略而产生，例如角色继承违反(riv)和职责分离违反(sodv)。目前的方法是通过抽取或删除所有跨领域的关系来集中解决冲突，从而导致与所有领域的知识相冲突。然而，这些方法由于计算复杂度高而不适用于大规模系统。在本文中，我们提出了一种分布式方法来避免多域环境中的安全冲突。我们首先将多个域的角色继承层次结构建模为互操作图。然后，我们基于互操作图和不同领域之间的通信开发了riv和sodv避免算法。通过评估其后续激活作用是否会导致riv和sodv，每个域可以自主地实时执行算法。结果表明，与现有算法相比，新算法表现良好。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Secure Conflicts Avoidance in Multidomain Environments: A Distributed Approach

In a multidomain application environment, it is of paramount importance for different organizations to collaborate with each other to facilitate secure interoperation. However, various types of conflicts related to access control constraints may arise as a result of integrating access control policies for individual domains, such as role inheritance violations (RIVs) and separation of duty violations (SoDVs). Current methods solve the conflicts in a centralized way by withdrawing or removing all crossdomain relationships resulting in the violations with the knowledge of all domains. However, these methods are inappropriate for large-scale systems due to their high computational complexity. In this article, we propose a distributed approach to avoid secure conflicts in a multidomain environment. We first model the role inheritance hierarchies of multiple domains as an interoperation graph. We then develop RIVs and SoDVs avoidance algorithms based on the interoperation graph and the communications among different domains. Each domain can execute the algorithms autonomously and in real time by evaluating whether its succeeding activated role can result in RIVs and SoDVs. We show that the new algorithms perform well in contrast to the existing algorithms.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans 工程技术-计算机：控制论

自引率

0.00%

发文量

审稿时长

6.0 months

期刊介绍： The scope of the IEEE Transactions on Systems, Man, and Cybernetics: Systems includes the fields of systems engineering. It includes issue formulation, analysis and modeling, decision making, and issue interpretation for any of the systems engineering lifecycle phases associated with the definition, development, and deployment of large systems. In addition, it includes systems management, systems engineering processes, and a variety of systems engineering methods such as optimization, modeling and simulation.