Research On Multi-Domains Secure Interoperability In Distributed Environment

Posted on: 2008-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: H L Liu
GTID: 2178360272470006
Subject: Information security
Abstract/Summary:
Distributed systems have developed quickly, and their size and complexity keep growing. A distributed system consists of multiple domains, and within each domain security is guaranteed by centralized control.

Research on access control in a single domain mainly focuses on role-based access control. The ARBAC97 model sets up extra private roles to handle how private permissions are inherited, which increases the number of roles and makes systems more complex. Building on the ARBAC97 model, permissions are subdivided into private permissions and public permissions. A private permission is owned only by its source role and cannot be inherited by any other role, whereas a public permission can be inherited. Whether a permission is private or public after it is inherited depends on the way it is inherited. Permissions are inherited through private inheritance and public inheritance, which enhances the flexibility of the original model, decreases the number of roles, and reduces complexity.

For distributed systems, the IRBAC2000 model defines role mapping between two domains and solves the problem of mapping roles in a foreign domain to roles in an original domain. Pre-conditions first presented in the ARBAC97 model are applied to constrain role mapping, which avoids role-mapping conflicts.

Transferable authorizations are required in a distributed environment to reduce the heavy management burden brought by role mapping between multiple domains. The depth and width of delegable authorizations are introduced to control the scope over which permissions spread. Rules for eliminating conflicts between delegable authorizations are given.

Following an analysis of the basic policies for secure interoperability between multiple domains, a multi-domain secure interoperability model based on role mapping and role delegation is proposed. Furthermore, a multi-domain secure interoperability system is designed.
Keywords/Search Tags: Distributed environment, Multi-domains, Role mapping, Delegable authorization