The Efficient Maintenance of Access Roles with Role Hiding Chaoyi Pang...
-
Upload
rudolph-green -
Category
Documents
-
view
215 -
download
0
Transcript of The Efficient Maintenance of Access Roles with Role Hiding Chaoyi Pang...
The Efficient Maintenance of Access Roles with Role Hiding
Chaoyi Pang [email protected] Zhang [email protected]
Yanchun Zhang [email protected] Ramamohanarao [email protected]
COMAD'2008. 2
Overview Motivation Multi-domain secure role graph Main ideas Updating cross-domain accesses Updating privileges on a role Experiments Conclusions
COMAD'2008. 3
MotivationThe efficient maintenance of role accessibility:
In a multi-domain environment that supports role-hiding.
In a multi-domain environment where a service provider acts as the central mediator.
In database applications using a first-order predicate language (SQL).
To support various updates and changes.
COMAD'2008. 4
The role graph A directed acyclic graph (DAG)
representing the subsumption relationship among roles.
The transitive closure relation for a role graph represents the “reachability” relationship.
COMAD'2008. 5
The multi-domain secure role graph G0, the role graph for the mediating
service provider. G1 … Gn, the role graphs for domains 1 …
n. Cross-domain accesses link domains. Some roles of a domain are hidden from
the service provider or other domains.
COMAD'2008. 7
The privileges for roles
• In a domain, the privileges for a role are propagated to its ancestor roles.
• Privileges are not propagated via the cross-domain arcs.
COMAD'2008. 8
Main ideas The role accessibility is represented as
computing the transitive closure relation among roles.
The incremental maintenance of the accessibility of roles is mapped to incrementally compute the transitive closures for DAGs.
COMAD'2008. 9
Core algorithms – Add(G, TCG, E)
Given a graph G, its transitive closure TCG, and a set of arcs E to be inserted to G, the new access node pairs that should be added to TC are those form a path via E.
INSERT INTO Susp(Start,Tail)SELECT DISTINCT X.Start, Y.TailFROM TC X, TC Y, EWHERE X.Tail=E.Start AND Y.Start=E.Tail;
INSERT INTO TC(Start,Tail)SELECT * FROM Susp;
COMAD'2008. 10
Core Algorithms – Del(G, TC, E)A set of node pairs depending on E are
deleted first, which may result in wrong deletions. The wrong deletions are then corrected via joining.
COMAD'2008. 11
Core Algorithms – Del(G, TC, E) …
% Table Susp: When deleting E(Start,Tail), any path from x % via a node pair of E to y are affected and stored in Susp.INSERT INTO Susp(Start,Tail)SELECT X.Start, Y.TailFROM TC X, TC Y, EWHERE X.Tail=E.Start AND Y.Start=E.Tail;
% TABLE Trust: the node pairs not using the deleted arcs of E.INSERT INTO Trust(Start,Tail)SELECT A.Start, A.TailFROM TC AWHERE NOT EXISTS (SELECT * FROM Susp X
WHERE X.Star=A.Star AND X.Tail=A.Tail);
COMAD'2008. 12
Core Algorithms – Del(G, TC, E) …% TABLE Temp: new node pair (u,v) represents a path from u to v.INSERT INTO Temp(Start,Tail)SELECT A.Start, B.TailFROM TRUST A, G, TRUST BWHERE A.Tail=G.Star AND G.Tail=B.Star AND
(NOT EXISTS (SELECT * FROM EWHERE E.Star=G.Star AND E.Tail=G.Tail)) AND(EXISTS (SELECT * FROM Susp X
WHERE X.Star=A.Star AND X.Tail=B.Tail));
% The result: Update TABLE TC.DELETE FROM TC;INSERT INTO TC(Start,Tail)(SELECT Start, Tail FROM Trust)UNION(SELECT A.Start, A.Tail FROM Temp A);
COMAD'2008. 13
Updating cross-domain arcs Inserting a cross-domain arc e(u, v):
Let <u be the set of arcs originating from u that need to be inserted.
Add(Gms, TCGms, TC<u), where Gms is the global role graph.
Remove redundant access node pairs. Deleting a cross-domain arc e(u, v):
Let >v be the set of arcs need to be deleted. H=Del(Gms, TCGms, e).
Del(G’, H, TC>v) where G’=Gms-e.
COMAD'2008. 14
Updating role privilegesUpdate (insertion or deletion) of a privilege
on a role: Finding the affected roles. Removing null and reducible roles, and
removing redundancy. Subsumption induced by merging roles.
COMAD'2008. 16
Conclusions The efficient maintenance of accessibility
among roles in a multi-domain environment supporting role hiding has been studied.
The SQL-based incremental approach can be applied in database applications.
Our proposed approach can be extended to multi service providers satisfying the acyclic requirement for role graphs.