|
|||||
|
|
Specification and enforcement of flexible security policy for active cooperation |
|
| Authors: | Yuqing Sun Bin Gong |
| Affiliation: | a School of Computer Science and Technology, Shandong University, No. 27 Shanda South Road, Jinan Shandong 250100, China b CERIAS and Department of Computer Science, Purdue University, USA c Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China |
| Abstract: | Interoperation and services sharing among different systems are becoming new paradigms for enterprise collaboration. To keep ahead in strong competition environments, an enterprise should provide flexible and comprehensive services to partners and support active collaborations with partners and customers. Achieving such goals requires enterprises to specify and enforce flexible security policies for their information systems. Although the area of access control has been widely investigated, current approaches still do not support flexible security policies able to account for different weighs that typically characterize the various attributes of the requesting parties and transactions and reflect the access control criteria that are relevant for the enterprise. In this paper we propose a novel approach that addresses such flexibility requirements while at the same time reducing the complexity of security management. To support flexible policy specification, we define the notion of restraint rules for authorization management processes and introduce the concept of impact weight for the conditions in these restraint rules. We also introduce a new data structure for the encoding of the condition tree as well as the corresponding algorithm for efficiently evaluating conditions. Furthermore, we present a system architecture that implements above approach and supports interoperation among heterogeneous platforms. |
| Keywords: | Security policy Access control Flexibility Cooperation RBAC |
| 本文献已被 ScienceDirect 等数据库收录! | |