Ensuring secure interoperation of access control in a multidomain environment

Abstract

Interoperation can combine multiple resources and domains, thus it has been widely used in many practical industrial applications, such as distributed database systems. However, the merger of local access control policies in such systems may lead to security violations with regard to access control. For instance, a person can potentially have access (indirectly) to another one's file or data in the interoperation to which s/he should be denied access in the individual system. Therefore, it is critical to deal with such issues in a multidomain environment. Nevertheless, a real-world interoperation contains a large number of entities and access. This imposes a challenge to find the maximum secure interoperation in terms of direct data sharing among individual systems. To overcome this difficulty, we propose an integer linear programming-based approach which can find the maximum secure interoperation in a computationally efficient way. Experimental results are given to demonstrate the efficacy of our approach.