Specification And Conflict Detection For Gtrbac In Multi-domain Environment

In recent years, with many more people recognizing the importance of the rolethat RBAC acted in the field of access control, more and more researchers have paidattention to or engaged in the study of the RBAC policy.With the rapid development of internet technologies and the widespread use ofdistributed systems, the traditional local domain structure can not meet the needs ofthe development any more. The security issue for the distributed interactive systemshas became one of the new research topics. How to achieve safe and reliablecross-domain resource sharing in the multiple heterogeneous systems has becamemuch more important. The RBAC policy in the multi-domain environment has beenstudied for many years, which makes it possible for the cross-domain resourcesharing in the multiple heterogeneous systems.What’s more, in order to meet the needs of a variety of real world applications,the time factor is required to achieve the corresponding constraints. Using the timefactor, we could design the constraints in the policy much more detailed and makethe policy much more rigorous. In addition, it can make the authorization muchmore safe and reliable. The RBAC policy in the multi-domain environment with thetime constraints could be much more consistent with the actually application.However, little of the strategies of multi-domain concerned about the time factor.The RBAC policy in the multi-domain environment with the time constraintscould make the access control policy much more rigorous，but it could also producesome kinds of new conflicts. In this paper, we will mainly deal with analysis anddetection about the conflicts that occur in both the inter-domain environment and thelocal domain environment with the consideration of time constraints. And the maincontribution of this paper are listed as follows:Firstly, the RBAC policy introduction was given in this paper. After proposingthe concept of multi-domain based GTRBAC model, this paper firstly presents anddiscusses the different conflicts that occurred in designing it.Secondly, based on the previous works, this paper presents a formal modelingapproach with the timed colored Petri nets. Four modules of the entire structurewere shown to describe the policy in related to the enable/disable state, the intra-domain assignment, the inter-domain assignment and the activationrespectively. In order to illustrate the approach, an applicable example is shown forthe specification and conflict detection using the detection methods that CPN toolsapplied.In order to further validate the policy, a time constraint multi-domainenvironment simulation system was given at last. It is a prototype system toimplement from theory modeling into the practical application. The systemperformed well and achieved the expected effect.