Access Control Management and Scurity in a Heterogeneous Multidomain Environment

异构多域环境中的访问控制管理和安全

• 批准号: 0209111
• 负责人: Arif Ghafoor
• 金额: $ 22.5万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-08-15 至 2005-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0209111&HistoricalAwards=false
• 关键词: Access; Control; Management; Scurity; Heterogeneous

This project will develop a comprehensive framework for security management using access control models for distributed applications in a heterogeneous multidomain environment. Such systems are expected to play a critical role in a broad range of Web-based applications. The proposed framework will be built upon role-based access control (RBAC) models. The use of roles for security management has several well-recognized advantages. Noted among them is their flexibility in representing key organizational functions while directly supporting the security policies of an organization. Due to the dynamic nature of distributed applications and the heterogeneity aspects of the underlying multidomain environment, development of the proposed framework poses several daunting challenges. The main challenges addressed in this proposal include:-the development of a Petri-net based dynamic RBAC model that incorporates time constraints. This task also includes modeling a variety of security policies and developing efficient analytical techniques for evaluating the correctness criteria for this model.-the development of an RBAC formalism that ensures secure interoperability in a heterogeneous multidomain environment for supporting distributed applications. This task also includes designing optimal mediation policies to manage conflicts among domain roles and tasks belonging to applications.

这个项目将开发一个全面的安全管理框架，在异构多域环境中使用分布式应用程序的访问控制模型。预计这种系统将在广泛的基于网络的应用程序中发挥关键作用。拟议的框架将建立在基于角色的访问控制（RBAC）模型。使用角色进行安全管理有几个公认的优点。其中值得注意的是，它们在代表关键组织功能方面具有灵活性，同时直接支持组织的安全政策。由于分布式应用程序的动态特性和底层多域环境的异构性，所提出的框架的发展带来了一些艰巨的挑战。在这个建议中解决的主要挑战包括：-一个基于Petri网的动态RBAC模型，结合时间限制的发展。该任务还包括对各种安全策略进行建模，并开发有效的分析技术，以评估该模型的正确性标准。发展的RBAC形式主义，确保安全的互操作性，在异构的多域环境中支持分布式应用程序。该任务还包括设计最佳中介策略来管理属于应用程序的域角色和任务之间的冲突。