A Theory of Role Composition

10 years 7 months ago
A Theory of Role Composition
We study the access control integration problem for web services. Organizations frequently use many services, each with its own access control policies, that must interoperate while maintaining secure access to information. The integration problem is to take the set of such services and to find a globally consistent access control policy that ensures no authorization failures or information disclosures for the system composed from the services. Currently, this is performed manually, and incurs high administrative overhead and high risks for errors. We give a sound and complete algorithm for access control integration by reducing the problem to Boolean constraint solving. We have implemented RoleMatcher, a tool to infer global role-based access control schemas for a set of services, and show on examples that it can quickly infer global roles for composed systems, or determine the absence of a globally consistent role schema.
Jeffrey Fischer, Rupak Majumdar
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2008
Where ICWS
Authors Jeffrey Fischer, Rupak Majumdar
Comments (0)