智能与分布计算实验室

RAR: A role-and-risk based flexible framework for secure collaboration

出版社:
  • 出版社:
  • 页数::574-586
  • 出版年:2011
摘要内容:

Collaboration among virtual organizations enables domains to effectively share resources. However, it also opens ways for several security and privacy breaches; the problem becomes severe along with the increasing complexity and dynamics of grid environments. As such, in this paper, we propose a flexible secure collaboration framework: called RAR (Role-And-Risk). We introduce the architecture of RAR, and two major components of RAR. The first component is for generating inter-domain role mappings (IDRM) as a basis for collaboration. We study the complexity of IDRM while taking the separation of dutyconstraints and administrative cost into account; it turns out to be intractable for most cases. RAR addresses IDRM related problems by reducing them to well-known problems (e.g., the satisfiability problem SAT), which have been studied for decades and various mature solvers exist in literature. On the other hand, to deal with the dynamics and uncertainty of distributed environments, we employ the notion of risk to monitor and manage the security threat induced by collaboration. RAR’s flexibility lies in the tunable interoperability and the use of risk for timely monitoring users’ accesses.

关键词:
  • Access control; Secure collaboration;Role mapping;Risk