RAR: A role-and-risk based flexible framework for secure collaboration

Collaboration among virtual organizations enables domains to effectively share resources. However, it also opens ways for several security and privacy breaches; the problem becomes severe along with the increasing complexity and dynamics of grid environments. As such, in this paper, we propose a flexible secure collaboration framework: called RAR (Role-And-Risk). We introduce the architecture of RAR, and two major components of RAR. The first component is for generating inter-domain role mappings (IDRM) as a basis for collaboration. We study the complexity of IDRM while taking the separation of duty constraints and administrative cost into account; it turns out to be intractable for most cases. RAR addresses IDRM related problems by reducing them to well-known problems (e.g., the satisfiability problem SAT), which have been studied for decades and various mature solvers exist in literature. On the other hand, to deal with the dynamics and uncertainty of distributed environments, we employ the notion of risk to monitor and manage the security threat induced by collaboration. RAR’s flexibility lies in the tunable interoperability and the use of risk for timely monitoring users’ accesses.

Research highlights
► A framework for secure collaboration in multi-domain environments is presented.
► Computational complexity of role mapping generation problems is studied.
► Maximal and tunable interoperability among domains is supported.
► Risk management mechanism is used to deal with dynamics and uncertainty.