Management of Associations in the IRBAC 2000 Model

作     者：LIAO Junguo HONG Fan ZHANG Zhaoli LIU Ming 

作者机构：College of Computer Science and TechnologyHuazhong University of Science and Technology Wuhan411201 Hubei China College of Computer Science and Technology HunanUniversity of Science and Technology Xiangtan 411201Hunan China 

出 版 物：《Wuhan University Journal of Natural Sciences》 (武汉大学学报（自然科学英文版）)

年 卷 期：2006年第11卷第5期

页      面：1262-1266页

学科分类：0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Supported bythe Scientific Research Foundation ofHunan Provincial Education Department (03C500) 

主　　题：IRBAC 2000 model conflicting associations redundant associations prerequisite conditions 

摘      要：Secure interaction and interoperability between two or more administrative domains is a major concern. The IRBAC 2000 model accomplishes secure interaction and interoperability by flexibly dynamic inter-domain role translations. Associations are the key element of the IRBAC 2000 model, which have a great impact on security and efficiency of dynamic role translations. Therefore, it is a crucial problem how to manage the associations in the IRBAC 2000 model. There are two cases under which some matters will emerge. One is where conflicting associations may result in a security hazard. Another is where redundant associations may reduce the efficiency of dynamic role translations and increase the difficulty of management of associations. The formal definitions on conflicting associations and redundant associations are given, and the methods are discusses to judge whether there are conflicting associations or redundant associations in IRBAC 2000 model. The protective mechanism is presented, which utilizes prerequisite conditions to prevent conflicting or redundant associations from appearing in IRBAC 2000 model.