Journal: International Journal of Security and Its Applications
Print ISSN: 1738-9976
Publication year: 2014
Volume: 8
Issue: 1
Pages: 19-32
DOI: 10.14257/ijsia.2014.8.1.03
Publisher: SERSC
Abstract: The Interoperable Role-Based Access Control (IRBAC) 2000 model can be used to accomplish security interoperation between two or more administrative domains via role association and dynamic role translation. However, Static Separation of Duties (SSoD) is not considered in the IRBAC 2000 model, so the problem of inter-domain static mutual exclusive roles constraints violation can arise. This paper proposes a novel method based on colored Petri nets to model and analyze the IRBAC 2000 model so as to detect static mutual exclusive roles (SMER) constraints violation. The necessary and sufficient conditions for SMER constraints violation in the IRBAC 2000 model are demonstrated. A graphical detection model of SMER constraints violation based on colored Petri nets is presented, and then a more complicated case study is used to illustrate the efficiency of the proposed model. Moreover, some prerequisites for avoiding SMER constraints violation and guaranteeing the model's security while adding a new role association or user-role assignment are also discussed, analyzed and detailed based on the colored Petri net model in this paper.
Keywords: Interoperation; static separation of duties; static mutual exclusive roles; dynamic role translation; colored Petri nets; prerequisites