Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model
PENG You (1), SONG Yan (1), JU Hang (1), WANG Yanzhang (2)
1. School of Economics and Management, Harbin Engineering University, Harbin Heilongjiang 150001, China;
2. Faculty of Management and Economics, Dalian University of Technology, Dalian Liaoning 116024, China
To address the question of how the Organization Based 4 Levels Access Control (OB4LAC) model should build virtual positions from the permission sets requested by users in another domain, this paper proposes a detailed process consisting of three stages: searching for role sets based on the required permissions, determining Separation of Duty (SoD) and activation constraints, and creating and revoking the virtual position. For the role-set searching stage, the authors give three searching algorithms matching three different cases: complete matching, available matching and least-privilege matching. For the stage that determines SoD and activation constraints, the authors define three kinds of matrices, the Separation of Duty Matrix (SODM), the Cardinality Constraint Matrix (CCM) and the Anti-connection Inherit Matrix (AIM), and use them with the corresponding procedures to resolve the constraint problems. For the creation and revocation stage, the paper gives the management functions required to complete the process. Through these specific processes and realization algorithms, the authors resolve the problem of building virtual positions for the OB4LAC model in a multi-domain environment.
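The three-stage process the abstract outlines can be followed end to end on a small constructed domain. The code below is an added illustration, not the paper's algorithms or the OB4LAC reference implementation: the role names, permissions, SoD pairs and cardinality limit are invented sample data, the interpretation of the three search cases (exact match, any covering set, covering set with the fewest surplus permissions) is an assumption, and the search order (smallest role sets first) is also assumed. The SODM and CCM of the paper are represented here as a set of exclusive pairs and a per-role limit; the AIM is not modelled.

```python
"""Constructed illustration of the three stages described in the abstract:
(1) search for role sets that satisfy a requested permission set,
(2) check SoD and activation (cardinality) constraints,
(3) create or revoke a virtual position.  Sample data is invented."""
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class VirtualPosition:
    id: str
    user: str
    roles: frozenset


@dataclass
class Domain:
    roles: dict                                        # role -> set of permissions it grants
    sod: set                                           # frozenset pairs of mutually exclusive roles (SODM)
    cardinality: dict = field(default_factory=dict)    # role -> max simultaneous activations (CCM)
    active: dict = field(default_factory=dict)         # role -> current activations
    positions: dict = field(default_factory=dict)      # position id -> VirtualPosition
    next_id: int = 1

    def granted(self, role_set):
        perms = set()
        for r in role_set:
            perms |= self.roles[r]
        return perms

    def candidates(self, requested):
        """Role subsets built only from roles that contribute to the request,
        enumerated smallest first (this search order is an assumption)."""
        relevant = [r for r, p in self.roles.items() if p & requested]
        for k in range(1, len(relevant) + 1):
            for combo in combinations(relevant, k):
                yield set(combo)

    # --- stage 1: the three search cases (semantics assumed) ---------------
    def complete_match(self, requested):
        """Smallest role set whose permissions equal the request exactly."""
        return next((rs for rs in self.candidates(requested)
                     if self.granted(rs) == requested), None)

    def available_match(self, requested):
        """First role set that covers the request; extra permissions allowed."""
        return next((rs for rs in self.candidates(requested)
                     if requested <= self.granted(rs)), None)

    def least_privilege_match(self, requested):
        """Covering role set with the fewest surplus permissions (ties: fewer roles)."""
        covering = [rs for rs in self.candidates(requested) if requested <= self.granted(rs)]
        if not covering:
            return None
        return min(covering, key=lambda rs: (len(self.granted(rs) - requested), len(rs)))

    # --- stage 2: constraint determination ----------------------------------
    def constraint_violations(self, role_set):
        problems = []
        for a, b in combinations(sorted(role_set), 2):
            if frozenset((a, b)) in self.sod:
                problems.append(f"SoD: {a} and {b} are mutually exclusive")
        for r in sorted(role_set):
            limit = self.cardinality.get(r)
            if limit is not None and self.active.get(r, 0) >= limit:
                problems.append(f"cardinality: {r} already at its limit of {limit}")
        return problems

    # --- stage 3: creation and revocation -----------------------------------
    def build_virtual_position(self, user, requested, strategy="least_privilege"):
        """Returns (position, reasons); position is None when the request is refused."""
        search = {"complete": self.complete_match,
                  "available": self.available_match,
                  "least_privilege": self.least_privilege_match}[strategy]
        role_set = search(set(requested))
        if role_set is None:
            return None, ["no role set in this domain satisfies the request"]
        problems = self.constraint_violations(role_set)
        if problems:
            return None, problems
        pos = VirtualPosition(id=f"vp-{self.next_id}", user=user, roles=frozenset(role_set))
        self.next_id += 1
        for r in role_set:                       # count the activation against the CCM limit
            self.active[r] = self.active.get(r, 0) + 1
        self.positions[pos.id] = pos
        return pos, []

    def revoke_virtual_position(self, pos_id):
        pos = self.positions.pop(pos_id)
        for r in pos.roles:                      # release the activations again
            self.active[r] -= 1
        return pos


def sample_domain():
    """Constructed target domain: four roles, two SoD pairs, one cardinality limit."""
    return Domain(
        roles={"clerk": {"read_case", "file_case"},
               "auditor": {"read_case", "read_ledger"},
               "approver": {"read_case", "approve_case"},
               "cashier": {"read_ledger", "pay_out"}},
        sod={frozenset({"approver", "cashier"}), frozenset({"clerk", "approver"})},
        cardinality={"approver": 1},
    )


if __name__ == "__main__":
    d = sample_domain()
    print(d.build_virtual_position("user@other-domain", {"read_case", "pay_out"}))
    print(d.build_virtual_position("user@other-domain", {"approve_case", "pay_out"}, "available"))
```

Running the module shows the two outcomes a practitioner cares about: a request for `read_case` and `pay_out` has no exact match, so least-privilege search picks `auditor` plus `cashier` (one surplus permission) and a virtual position is created; a request for `approve_case` and `pay_out` finds a covering set in stage 1 but is refused in stage 2 because the only covering roles are an SoD pair.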
PENG You, SONG Yan, JU Hang, WANG Yanzhang. Construction method of virtual position in process of cross-domain access control based on organization based 4 levels access control model [J]. Journal of Computer Applications, 2014, 34(8): 2345-2349. (彭友, 宋艳, 鞠航, 王延章. 基于组织的四层访问控制模型跨域访问过程中虚拟岗位构建方法[J]. 计算机应用, 2014, 34(8): 2345-2349.)