Towards secure delegation with Chinese wall security policy (CWSP)

Cited by: 0
Authors
Ye C. [1]
Hu H. [2]
Xiang H. [2]
Affiliations
[1] College of Computer Science, Chongqing University, Chongqing
[2] School of Software Engineering, Chongqing University, Chongqing
Keywords
Chinese wall security policy; CWSP; Delegation; Role based access control
DOI
10.4304/jnw.6.8.1230-1237
Abstract
Chinese Wall Security Policy (CWSP) is an access control policy widely applied in many fields, especially in the commercial world. Delegation is one of the hot topics in access control technologies. Delegation with CWSP means that a delegation must satisfy not only the delegation constraints but CWSP as well. Many delegation models exist, such as RBDM, RDM2000 and PBDM, but few focus on it. This paper proposes an approach to delegating permissions under the restriction of CWSP. Although CWSP is part of the delegation constraints, this does not mean that existing delegation models can be easily applied to this kind of delegation. In our approach, we first define two types of delegation constraints consisting of CWSP. We then discuss different types of revocation and find that automatic revocation can make delegation safer than user revocation. We also find that a security vulnerability exists in multi-step delegation and give some feasible solutions. Finally, the paper gives a system implementation architecture and some examples to show how our approach works properly in a situation with CWSP. © 2011 ACADEMY PUBLISHER.
Pages: 1230-1237
Page count: 7