NotesFAQContact Us
Search Tips
ERIC Number: ED535014
Record Type: Non-Journal
Publication Date: 2010
Pages: 156
Abstractor: As Provided
Reference Count: 0
ISBN: ISBN-978-1-1248-3273-9
An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environments
Zhang, Yue
ProQuest LLC, Ph.D. Dissertation, University of Pittsburgh
Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and "loosely-coupled." The access control challenges in the "loosely-coupled" environment have not been studied adequately in the literature. In a "loosely-coupled" environment, different domains do not know each other before they interoperate. Therefore, traditional approaches based on users' identities cannot be applied directly. Motivated by this, researchers have developed several "attribute-based" authorization approaches to dynamically build trust between previously unknown domains. However, these approaches all focus on building trust between individual requesting users and the resource providing domain. We demonstrate that such approaches are inefficient when the requests are issued by a set of users assigned to a functional role in the organization. Moreover, preserving "principle of security" has long been recognized as a challenging problem when facilitating interoperations. Existing research work has mainly focused on solving this problem only in a "tightly-coupled" environment where a global policy is used to preserve the "principle of security." In this thesis, we propose a role-based access control and trust management framework for "loosely-coupled" environments. In particular, we allow the users to specify the interoperation requests in terms of requested permissions and propose several "role mapping" algorithms to map the requested permissions into roles in the resource providing domain. Then, we propose a "Simplify" algorithm to simplify the distributed proof procedures when a set of requests are issued according to the functions of some roles in the requesting domain. Our experiments show that our "Simplify" algorithm significantly simplifies such procedures when the total number of credentials in the environment is sufficiently large, which is quite common in practical applications. Finally, we propose a novel "policy integration" approach using the special semantics of "hybrid role hierarchy" to preserve the "principle of security." At the end of this dissertation a brief discussion of implemented prototype of our framework is present. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A