The Center for Education and Research in Information Assurance and Security (CERIAS)

Secure Interoperation in a Multi-Domain Environment

Author

Basit Shafiq

Tech report number

CERIAS TR 2004-34

Entry type

techreport

Abstract

The rapid proliferation of the Internet and the cost-effective growth of its key enabling technologies such as database management systems, storage and end-systems, and networking are revolutionizing information technology and have created unprecedented opportunities for developing large-scale distributed applications and enterprise-wide systems. At the same time, there is a growing need for information sharing and resource exchange in a collaborative environment that spans multiple enterprises. Various businesses, government, and other organizations have realized that information and resource sharing is becoming increasingly critical to their success. However, the increase in inter-domain information and resource exchange poses new threats to the security and privacy of data. Numerous studies have shown that unauthorized access, in particular by insiders, constitutes a major security problem for enterprise application environments. This problem can be magnified in a collaborative environment where distributed, heterogeneous, and autonomous organizations interoperate with each other. Collaboration in such a diverse environment requires integration of the access control policies of local domains to compose a global security policy for controlling information accesses across multiple domains. In this proposal, we address the issue of policy integration in a multi-domain system that allows information and resource sharing in a collaborative environment. The proposed policy integration mechanism is a two-phase process that first defines a mapping among the cross-domain entities and then resolves the underlying access control policy conflicts. For conflict resolution, we propose an integer programming (IP) based approach that maximizes inter-domain information and data exchange according to some specified optimality criterion.
As an extension to the policy integration framework, we plan to address the problem of access control policy verification and policy evolution in the context of secure interoperation. In addition, we will investigate the problem of semantic partitioning of a single access control policy into multiple independent, autonomous, and functional policies.

Institution

Purdue University

Key alpha

shafiq

Note

This is a preliminary exam report submitted to the Faculty of Purdue University by the author in partial fulfillment of the requirements for the degree of Doctor of Philosophy. Advisory Committee: Prof. Arif Ghafoor, Prof. Elisa Bertino, Prof. Y. C. Hu, Prof. Mary Harper

School

Electrical and Computer Engineering

Affiliation

CERIAS

Publication Date

1900-01-01

Contents

Access control, Multi-domain Systems, Secure Interoperation, Policy Composition, Conflict resolution

Keywords

Access control, RBAC, Secure Interoperation, Policy composition

Language

English

Subject

Secure interoperation
