Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environment

Zhang, Yue (2011) An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environment. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

Primary Text

Download (2MB) | Preview


Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as tightly-coupled and loosely-coupled. The access control challenges in the loosely-coupled environment have not been studied adequately in the literature. In a loosely-coupled environment, different domains do not know each other before they interoperate. Therefore, traditional approaches based on users' identities cannot be applied directly. Motivated by this, researchers have developed several attribute-based authorization approaches to dynamically build trust between previously unknown domains. However, these approaches all focus on building trust between individual requesting users and the resource providing domain. We demonstrate that such approaches are inefficient when the requests are issued by a set of users assigned to a functional role in the organization. Moreover, preserving principle of security has long been recognized as a challenging problem when facilitating interoperations. Existing research work has mainly focused on solving this problem only in a tightly-coupled environment where a global policy is used to preserve the principle of security. In this thesis, we propose a role-based access control and trust management framework for loosely-coupled environments. In particular, we allow the users to specify the interoperation requests in terms of requested permissions and propose several role mapping algorithms to map the requested permissions into roles in the resource providing domain. Then, we propose a Simplify algorithm to simplify the distributed proof procedures when a set of requests are issued according to the functions of some roles in the requesting domain. Our experiments show that our Simplify algorithm significantly simplifies such procedures when the total number of credentials in the environment is sufficiently large, which is quite common in practical applications. Finally, we propose a novel policy integration approach using the special semantics of hybrid role hierarchy to preserve the principle of security. At the end of this dissertation a brief discussion of implemented prototype of our framework is present.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairJoshi, James B Djjoshi@sis.pitt.eduJJOSHI
Committee MemberLee, Adam Jadamlee@cs.pitt.eduADAMLEE
Committee MemberSpring, Michaelspring@pitt.eduSPRING
Committee MemberKrishnamurthy, Prashantprashant@sis.pitt.eduPRASHK
Committee MemberZadorozhny, Vladimirvladimir@sis.pitt.eduVIZ
Date: 6 May 2011
Date Type: Completion
Defense Date: 4 November 2010
Approval Date: 6 May 2011
Submission Date: 15 April 2011
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Information Science
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: Access Control; Multidomain; RBAC; Secure Interoperation; Trust Management
Other ID:, etd-04152011-155847
Date Deposited: 10 Nov 2011 19:37
Last Modified: 15 Nov 2016 13:40


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item