Abstract
Building coalitions between autonomous domains and managing the negotiation process between multiple security policies in a multi-domain environment is a challenging task. The negotiation process requires efficient modeling methods for determining secure access states, and it demands automated tools that support administrators and minimize human intervention, making the whole process more efficient and less error-prone. In this paper we define a framework that represents policy merging between autonomous domains as a constraint satisfaction problem while remaining neutral with regard to the policy language. Role and permission hierarchies are modeled using the constraint programming formalism. Policy mappings are used to enable cross-organizational role assignment. Policy mappings are further optimized by casting the problem as a partially ordered multi-criteria shortest path problem.
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Belsis, P., Gritzalis, S., Katsikas, S.K. (2006). Optimized Multi-Domain Secure Interoperation using Soft Constraints. In: Maglogiannis, I., Karpouzis, K., Bramer, M. (eds) Artificial Intelligence Applications and Innovations. AIAI 2006. IFIP International Federation for Information Processing, vol 204. Springer, Boston, MA . https://doi.org/10.1007/0-387-34224-9_10
DOI: https://doi.org/10.1007/0-387-34224-9_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-34223-8
Online ISBN: 978-0-387-34224-5
eBook Packages: Computer Science (R0)