Multi-Domain Access Control and Trust (Synthesis Lectures on Information Security, Privacy, and Trust)
In recent years, we have been witness to rapid advances in high-performance computing and networking technologies that have given rise to tremendous growth of large-scale distributed IT environments. Security and privacy have become significant concerns in such environments. An essential aspect of current and emerging IT environments is the interconnectedness of different components in the form of heterogeneous systems, applications, or entire IT infrastructures. In some cases such environments span state (e.g., in an eGovernment environment ) and national boundaries (e.g., in the case of multinational enterprises and their partnership with other multinational enterprises). These environments often give rise to serious challenges with regards security and privacy requirements and enforcement. Such environments are essentially multidomain environments where multiple security and administrative domains coexist with their individual sets of security and privacy requirements as well as administrative control. This amalgam of heterogeneous IT domains with their unique protection requirements are becoming more of a common phenomenon than individual, isolated systems that were seen decades ago. Examples of these multidomain environments include Internet-based applications, digital government environments, integrated healthcare systems, IT infrastructure in multinational enterprises. Recently growing Cybersecurity incidents including compromise of various commercial systems, nation or state sponsored cyber-attacks (e.g., Chinese hackers infiltrating US institutions , growing attacks from Iran , Stuxnet, etc.), have allowed us to peek into the dangers of how globally connected Internet environments and the heterogeneity of protection measures of interconnected infrastructures may be exploited in the digital world. To ensure the success of current and emerging highly interconnected, distributed, multidomain environments, it is imperative that we have effective and efficient security mechanisms and frameworks that provide holistic solutions to security and privacy challenges in such complex environments. While many security issues need to be addressed in an integrated way, key towards building such secure environments is to develop appropriate models and mechanisms for establishing appropriated level of trust and managing cross domain accesses. While other security issues such as authentication, intrusion detection, and response, security accounting, etc. are as important, we focus on the central issues of access and trust management in this book.