MIRBAC: A Role-Based Access Control Model for Multi-Domain Interoperability

Abstract

How to achieve both cross-domain authorization and access control in a multi-domain environment and ensuring local autonomy and security are hot research field of network security. Due to the centralized management, traditional access control has been unable to meet the security needs of cross-domain interoperability under a distributed environment. In this article, we introduce three types of inter-domain role relations, such as transitive mapping, non-transitive mapping and restricted access, extend the standard single-domain RBAC model to a multi-domain interoperable environment, and establish a role-based access control model based on multi-domain interoperability (MIRBAC). Compared with the prior studies, MIRBAC model supports separation of duties constraint under multi-domain environments, the security and management flexibility of interdomain authorization is greatly improved. Moreover, based on MIRBAC model, we further research detection method of security violation during interoperability, propose a complete security conflict detection algorithm according to various conflict types caused by implementing interoperability activities, and conduct computational complexity analysis and case analysis of our proposed algorithm. Finally, we develop a prototype system based on the definitions of our proposed model to conduct experimental studies to demonstrate the feasibility and performance of our approach.