Integrating Trust and Role for Secure Interoperation in Multi-Domain Environment
出版社:
- 会议名称:The 2nd International Conference on Information Security and Assurance (ISA 2008)
- 举办地点:Busan,Korea
- 举办日期:April 2008
- 页数: 77-82
摘要内容:
Traditional access control disciplines such as RBAC has difficulty in covering open and decentralized multi-centric systems because it has focused on a closed system where all users are known and primarily utilizes a server-side reference monitor within the system. Trust management has relaxed this known user restriction and allowed authorize for strangers based on their credentials. However, trust management has also been found to be lacking because of certain inherent drawbacks with the notion of credential. In this work, a new access control model T&RBAC is presented in this paper. It integrates RBAC and TM. User can be assigned to local roles, also can be assigned to foreign roles based on his credential and local roles. We proof that there is no security constraints in T&RBAC. To some extends, T&RBAC is only a core model and can be extended for specific requirement.
关键词:
- Interoperation;Trust Management