DOC

Authorization

By Diana Palmer,2014-06-20 05:39
16 views 0
Authorization

    Authorization

    NaturaISciences

    ArticleID:1007.1202(2007)01000904

    DOI10.1007/sl185900601297

    VOI.12No.12007009012

    AuthorizationManagement

    YANGQiuwei',

    WUSunyong,HONGFan",

    LIAOJunguo'

    1.CollegeofComputerScienceandTechnology,Huazhong

    UniversityofScienceandTechnology,Wuhan430074,Hubei,China; 2.DepartmentofComputationalScienceandMathematics,Guilin UniversityofElectronicTechnology,Guilin541004,Guangxi,China Abstract:Authorizationmanagementisimportantpreconditionand foundationforcoordinatingandresourcesharinginopennetworks.Re- cently,authorizationbasedontrustiswidelyusedwherebyaccessrightsto sharedresourcearegrantedonthebasisoftheirtrustrelationindistributed environment.Nevertheless,dynamicchangeofthestatusofcredentialand chainoftrustinducestouncertaintyoftrustrelation.Consideringuncer- taintyofauthorizationandanalyzingdeficiencyofauthorizationmodel onlybasedontrust,weproposesiointtrustriskevaluationandbuildthe

    modelbasedonfuzzysettheory,andmakeuseofthemembershipgradeof fuzzysettoexpressjointtrustriskrelation.Finally,derivationprinciple

    andconstraintprincipleofiointtrust.riskrelationshipsarepresented.The authorizationmanagementmodelisdefinedbasedoniointtrustrisk

    evaluation.proofofcomplianceandseparationofdutyareanalyzed.TI1e proposedmodeldepictsnotonlytrustrelationshipbetweenprincipals,but

alsosecurityproblemofauthorization.

    Keywords:trustmanagement;authorizationmanagement;riskevaluation;

    proofofcompliance;fuzzyset

    CLCnumber:TP309

    Receiveddate:2o0606l8

    Foundationitem:SupportedbytheNationalNaturalScienceFoundationofChina

    (60403027)

    Biography:YANGQiuwei(1980-),mate,Ph.D.cav.didate,researchdirection:trustmall-

    agementandaccesscontrolmode1.Email:qwyang@smail.hustedu.cn tT0whomcorrespondenceshouldbeaddressed.Email:xxyul@public.wh_hb.cn 0Introduction

    Trustmanagement【一】isanapproachto

    managingauthorizationindistributedenviron

    ments.Blazeetalfirstlyproposedtheconcept oftrust,andtooktrustintoconsiderationinau

    thorizing.Probabilitycomputedviahistorical recordsisviewedasthegradeoftrust~.Trustis

    classifiedintotwotypes:directtrustandrecom

    mendationtrust.Butmodelingthesubjectivetrust withthesimpleprobabilityandexpressingthe integrationofmultirecommendationtrustsby simplyaveragingcannotdepictthesun}ectivity anduncertaintyoftrustrelationtruly.

    Themembershipgradeoffuzzysetisintro

    ducedtomodeltheillegibilityofsubjectivetrust, andtrustismeasuredbytrustvector[5|Trustand

    riskistakenintorole--basedaccesscontrolpol-- icy[6t7.Butitsexpressivepowerisnotabundant enough.Furthermore,itisnotpracticabletoother mode1.

InthisPaper,wedefineauthorizationsecu

    rityrisk(ARS)firstly,andproposethejoint

    trustriskevaluationmodelbasesonfuzzyset

    theoryanddefinederivationprinciplesandcon

    straintprinciples.Onthisbasis,wepresentthe authorizationmanagementframework.Finally, proofofcompliance【】andseparationofduty【】

    inprocessofauthorizationarediscussed.

1JointTrustRiskEvaluation

    1.1BasicConcept

    Inthepastresearch,definitionabouttrustweredef- erentoneanother.Infact,trustisanexpectationthata principlecontemplatewhatanotherwillact.Foreachof theclassesoftrusttherearetwotypesoftrust:obiective trustandsubjectivetrust.Objectivetrustexpressestrust relationcanbeaccuratelydefinedandverifiedwith mathematicmeans.Tl?strelationbasedsociologyand

    psychologyiscalledsubjectivetrust,whichholdsex

    tremeuncertaintyandsubjectivity.

    Dynamicchangingofthestatusofobjectivetrust inducestotheuncertainty.Otherwise,subiectivetrust quaknowledgeacquisitionphenomenongoeswithseri

    oussubjectivityanduncertainty.Uncertaintyofobjective trustandsubjectivetrustleadstotheextremeuncertainty ofauthorization,whichwillaffectsystemsecurity.In otherwords,atspecificcircumstancethereexistdistance betweenexpectedtargetandpracticalresult,whichhap

    penstohavethesameviewtorisk.

    Definition1Negativeauthorizationsecurityrisk

(NASR)istheuncertaintythatwillaffectthesystemse

    curitynegatively.

    Trustevaluationandriskevaluationconstitutethe securityevaluationofauthorization.Onlyanalyzingone ofthemcannotassurethesystemsecurity:

    Trustisrelevanttospecificoperation.e.g.a principalistrustedtoengageontechnicaltasknotbutto dealwithorganizationmanagement.

    Hightrustdoesnotmeanlowrisk.e.g.inhier

    archicalcorporationstructuresuperiormanagerismore trustedthan.juniortechnician,buttheriskthatsuperior managercompletestechnicaltaskishigherthanthat juniortechniciandoes.

    Lowtrustdoesnotmeanhighrisk.e.g.thetrust amongthestrangersatnewacquaintancemaybelow, butalsotheriskofauthorizationmaybelow.

    Lowriskmeanshightrusty.e.g.1owerNASRis. higherthereliabilityis.

    ?Authorizationsecuritybuildsontrustaccepting andriskacceptingcriteria(introducedinlatersection). Authorizationsecurityisguaranteedifandonlyiftrust andrisksatisfypreconcertedacceptingcriteria. 1.2JointTrust-RiskEvaluationBasedonFuzzySet Inthepastresearch,authorizationbasedonlyon analyzingoneoftrustandrisk,andanalyzedresultdis

    tributedonacontinuousextendand"belong''or"non

    belong"tothesetofcontinuousrealnumberisthesim

    pierelation.Whereas,whenprinciplecannotobtainthe fu11informationoftrustriskevaluation.thereexistsdis

tancebetweenactualvalueandpracticalresult.110im

    provetheveracityandconsistencyofevaluation,wepro

    posetrustfuzzysetandriskfuzzysetbasedonfuzzyset theory".andthendefinetheJointTmstRiskFuzzy

    Relation,andmakeuseofthemembershipgradetoex

    pressjointtrustriskrelation.Inthefollowingdefinitions, thespaceoftrustobjectsandthespaceofriskobjects denotethespaceofentities.

    Definition2LetU=fuldenoteaspaceoftrust objects.ThenatrustfuzzysetTFinUisdenotedasthe membershipfunctionthatmapsUtotheinterval[0,11, ~/TF:_?[0,11,whereforalluEU,F(")=ldenotes

    thatubelongstoTFtotally.)=0denotesthatu doesnotbelongtoTF.0<,~/TF)<ldenotesthatube

    longstoTFpartially.ForagivenuEU,rF(")denotes themembershipgradeoftheelementuinTF.Thefuzzy setTFcanbeexpressedasasetoforderedpairs TF={(",/lrF("))l"?Ul

    Definition3RiskFuzzySet.LetU={uldenotea spaceofriskobjects.ThenariskfuzzysetRFinUis denotedasthemembershipfunctionthatmapsUtothe interval[0,11,fRF:_?【0,l,whereforalluEU,(u)

    =

    ldenotesthat"belongstoRFtotally.RF)=0de

    notesthatUdoesnotbelongtoRF.0)<ldenotes thatUbelongstoRFpartially.ForagivenuEF(U) denotesthemembershipgradeoftheelementuinRF. ThefuzzysetRFcanbeexpressedasfollow

    RF={(",/IRF("))l"?Ul

Definition4LetU×U={(",u)}denoteaspace

    ofobjectsofjointtrustriskrelationR.Thenjoint

    trust-riskrelationRinUxUisdenotedasthemem- bershipfunctionthatmapsUxUtotheinterval[0,1,

    rF×RF:UxU—?[0,11,whereforall(ul,U2)EUxU,

    rF×RF(uI,U2)=ldenotesthat(ul,u2)belongstoTF×RF

    totally.,]-/TFxRF(U1,u2)=0denotesthat(ul,u2)doesnot belongtoTF~RF.0<,/-/TF×RF(U1,U2)<ldenotesthat(Ul,U2) belongstoTF~RFpartially.Foragiven(ul,"2)?UxU,

    rF×RF(ul,u2)denotesthemembershipgradeoftheele

    mentUlinTFandthemembershipgradeoftheelement u2inRF.ThefuzzysetTFxRFcanbeexpressedasaset oforderedpairs

    TFxRF={((uI,u2),~/TFxRF(U1,"2))lUl?u2EUl

    IfUlequalstou2,,/-/TFxRF(U1,U0denotesthemem

    bershipgradeoftheelementulinTFandRF.Ifu1does notequaltou2,RFl,"1)denotesthemembership

    gradeoftheelementUlinTFandthemembershipgrade

    oftheelementu2inRF,whichisnotpracticallymeaning. 1.3DerivationofJointTrust.RiskRelation

    Similartotrustrelation,authorizationsecurityrisk canalsobeclassifiedtotwotypes:directauthorization riskandrecommendationauthorizationrisk.Theformer donatestheuncertaintyofinfluencingthesystemsecu

    ritynegativelywhenauthorizing.Recommendationpath maynotexistbetweenthetwoprinciples.Thelater representsthataprincipaltruststheabilityofanother principaltorecommendothers.Twotypesderivation needtobetreated:concatenationofsinglerelationchain

    andintegrationofmultirelationchains. Definition5Suppose1anddenotesthemem

    bershipgradeoftwoprincipalsseparatelyinasamejoint trustriskfuzzysetaboutP,wellthenthetwotypesderi

    vationoffl,andasfollow:

    1)Concatenationofsinglerelationchain:Given A,CeU,pePifABdenotesthemembershipgrade OfaboutPinA'sview,andif--)cdenotesthemem

    bershipgradeofCaboutPinB'sview.Therefore,the membershipgradeofCaboutPinA'sviewcanbecon

    catenatedasfollows.

    AC:ABBC

    Concatenationofsinglerelationchaindefinesthe principlesthatjointtrustriskrelationbuildsonmulti subsections.Principalscancontacteachothervianot onlydirectjointrelationbutalsorecommendationrela

    tion.Thenewjointtrust-riskrelationisformedbycon

    catenationoperation.

    2)Integrationofmultirelationchains:Given A,BepeP,if1,,,denotesnumbermofthe

    membershipgradeofBaboutPinA'sview.Therefore, thenumbermofthemembershipgradeofBaboutPin A'sviewcanbeintegratedasfollows.

    _?1@@/4.

    Whenthereexistmanypathsbetweenprincipals, integrationofmultirelationchainscanbeusedtoelevate theiointrelationsyntheticallyandunitthoserelations. Letand/2separatelydenotethetrust.share andriskshare,derivationofjointtrust-riskrelationsatis

    tiesfollowingconstraints:

?Boundedness.?Weakbounde(h1ess:0?(RF?1,

    whichrestrictsthatalltheiointtrust.riskevaluationmust distributeintheinterval0,1.?Strongboundedness:

    givenA,BepeP,ifl,2,,denotesnumberm

    ofthemembershipgradeofBaboutPinA'sview, followingconstrainmustalsobesatisfiedtoT _?

    F

    B

    andB:

    (T_?F?min(/~ff,2TF,,))A(R_?F

    ?max(/~ff,,,))

    ?Monotony~GivenA,B,CepeP,ifde

    notesthemembershipgradeofBaboutPinA'sview, andifBCdenotesthemembershipgradeofCaboutP inB'sview.Trustdropsandriskincreasesasfollow alongwithoftherelationchain:

    (T_?Fc?T_?FB0BT_?Fc)A(R_?Fc?/.~RF+B?BR_?Fc)

    ?Unitariness.Supposethesetofthestatistical weights{el,,,},wellthen?0,I2:1.

    2AuthorizationManagement

    2.1AuthorizationRules

    Definition6Anauthorization1smodeledasa 3-tuple,(PrincipalA,PrincipalB,P),denotesthatprincipal AauthorizesthepermissionptoprincipalB. Afterauthorizationdecisiontakestrustandriskinto consideration,howdoestrustandriskinfluencetheau. thorizationdecision?Acceptingcriteriaontrustandrisk ispresentedfirstly.e.g.ifandonlyifthemembership gradeofBaboutPinA'sviewequaltopreconcerted

    valuere,principalAauthorizesthepermissionPto principalB.Thismaybeexpressedas

    A,BeAcanassignp,/-/TF×RF(B,)?rep.

    Definition7Anauthorizationbasedonioint trustriskevaluationismodeledasa6-tuple,(PrincipalA, PrincipalB,P,/-/TF×RF(B,),Evironment,Constraints), denoteswhen/-/TF×RF(B,B)satisfytheacceptingcriteria andrelativeconstraintsaresatisfiedunderspecificenvi. ronment,principalAauthorizesthepermissionPtoprin

    cipalB.Thismaybeexpressedas

    ,

    B?U,AcanassignP,environmentandcon

    straintsaresatisfied.

    /-/TF×RF(B,B)satisfiestheacceptingcriteria. Environmentisthecertainenvironmentalvariables, suchastimevariable.Constraintsdenotesomerestricts, suchasSeparationofDutyOtherwise.anauthoriza. tionmayberelatetomuchtrustriskacceptingcriteria,

    e.g.muchmembershipgradesofB/-/TF×R~(B2)needto

    check,multiauthorization6-tuplecanexpressthecom

    plexacceptingcriteria.

    Definition8Suppose/-/TF×RF(B,)denotesnumber

    mofthemembershipgradeofBaboutPinA'sview,an authorizationcanbecreatedasfollows:

    Grantrules.SupposeprincipalBrequesttoau. 11

    thorizepermissionPfromA,ifbothenvironmentvari- ablesandrelativeconstraintsaresatisfied,and/-/TF×RF

    (,B)satisfytheacceptingcriteria,principalAauthorizes

thepermissionptoprincipalB.

    ?Revokerules.SupposeprincipalAcanrevoke thepermissionP.Distheconstraintsofdelegationdepth anddisthecurrentdelegationdepth.Ifrelativecon

    straintsorenvironmentvariablesarenotsatisfiedor /-/TF×RF,B)doesnotsatisfytheacceptingcriteria,ord doesnotsatisfytheconstraintsofdelegationdepthD, principalArevokethepermissionPfromprincipalB. Thismaybeexpressedas

    ,B?U,AcanrevokeP,((EnvironmentorConstraints arenotsatisfied)U(?D)U(FRF,B)satisfiesthe

    acceptingcriteria))~pwillberevokedfromB. ?Delegationrules.SupposeprincipalAisnotthe ownerofthepermissionPbutcandelegatethePtooth

    ers.PrincipalBrequesttoauthorizepermissionpfromA, ifbothenvironmentvariablesandrelativeconstraintsare satisfied,anddsatisfiestheconstraintsofdelegation depthD,and/-/TF×RF(B,B)satisfytheacceptingcriteria, principalAauthorizesthepermissionPtoprincipalB. Thismaybeexpressedas

    ,

    B?U,AcandelegateP,

    EnvironmentandConstraintsaresatisfied,?D,

    /-/TF×RF(B,B)satisfiestheacceptingcriteria==>p. 2.2ProofofComplianceandSeparationofDuty Authorizationruledepictstheproblemasfollow: Whetherthesetofparametersproverequest,_cometo compliancewithlocalauthorizationprinciples?Thesetof authorizationprinciplesconstitutetheauthorizationpolicy. Anyprincipalmustholdtheownauthorizationpolicy,

Report this document

For any questions or suggestions please email
cust-service@docsford.com