Security Analysis Research For Access Control In Multi-domain Environment

As the rapid development of distributed systems and network technologies security access control models which apply to the situations are presented and gradually abstracted to the general ones of strategies.These models are comprehensi-vely used in environments with distributed heterogeneours systems.Secure interoper-ation among the distributed heterogeneours systems has already become an important form of co-operative work.It can directly bring to the improment of work efficiency, and also contribute to resources sharing as well.These systems are not only service providers but also service users of other systems.Therefore, the systems protect one's own resources and comply with the security rules of other's systems.Acess control actualize secure requirements of enterprise systems,simultaneity, it ensures the authorized users's normal operations and prevents unauthorized access by insider. Particularly in the multidomain environment,the security problem can get magnified because of heterogeneous security policy, numerous of users,and lacking global coordinator. Therefore,how to configure appropriate access control for supporting interoperation and ensuring system security has become the very important technology.Access control system is often described as a state transition system.Given a set of access control policies, a general safety requirement in such a system is to determine whether a desirable property is satisfied in all the reachable states.In this paper, we propose to use security analysis techniques to maintain desirable security properties of Risk-based Role Based Access Control For Multi-domain Environment(MDR2BAC).We give a precise definition of security analysis problems in MDR2BAC,which is more general than safety analysis that is studied in single-domain.We show the process of dynamic permission adjustment in multi-domain environment, and illustrate two classes of problems in the process which can be reduced to similar analysis in the RT[←,∩] role-based trust-management language, thereby establishing an interesting relationship between MDR2BAC and the RT framework.The reduction gives efficient algorithms for answering most kinds of queries in the two stages of dynamic adjustment permissions.