DOI: 10.1145/1133058.1133071
Article

Fine-grained role-based delegation in presence of the hybrid role hierarchy

Published: 07 June 2006

Abstract

Delegation of authority is an important process that needs to be captured by any access control model. In role-based access control models, delegation of authority involves delegating roles that a user can assume, or the set of permissions that he can acquire, to other users. Several role-based delegation models have been proposed in the literature. However, these models consider delegation in the presence of the general hierarchy type. Multiple hierarchy types have been proposed in the context of the Generalized Temporal Role-based Access Control (GTRBAC) model, where it has been shown that multiple hierarchy semantics is desirable to express fine-grained access control policies. In this paper, we address role-based delegation schemes in the presence of hybrid hierarchies and elaborate on fine-grained delegation schemes. In particular, we show that upward delegation, which has been considered as having no practical use, is a desirable feature. Furthermore, we show that accountability must be considered as an important factor during the delegation process. The delegation framework proposed subsumes delegation schemes proposed in earlier role-based delegation models and provides much more fine-grained control of delegation semantics.


      Published In

      SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies
      June 2006
      256 pages
      ISBN:1595933530
      DOI:10.1145/1133058
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. access control
      2. delegation
      3. hybrid hierarchy
      4. role based

      Qualifiers

      • Article

      Conference

      SACMAT06
      Acceptance Rates

      Overall Acceptance Rate 177 of 597 submissions, 30%

      Cited By

      • (2016) Database Access. Enterprise Level Security. DOI: 10.1201/b20115-27, pp. 240-273. Online publication date: 27-Apr-2016
      • (2015) A Logical Approach to Restricting Access in Online Social Networks. Proceedings of the 20th ACM Symposium on Access Control Models and Technologies. DOI: 10.1145/2752952.2752967, pp. 75-86. Online publication date: 1-Jun-2015
      • (2015) A comprehensive modeling framework for role-based access control policies. Journal of Systems and Software, 107:C. DOI: 10.1016/j.jss.2015.05.015, pp. 110-126. Online publication date: 1-Sep-2015
      • (2014) Security analysis for temporal role based access control. Journal of Computer Security, 22:6. DOI: 10.5555/2699777.2699780, pp. 961-996. Online publication date: 1-Nov-2014
      • (2013) Analysis of TRBAC with Dynamic Temporal Role Hierarchies. Proceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXVII - Volume 7964. DOI: 10.5555/2940086.2940115, pp. 297-304. Online publication date: 15-Jul-2013
      • (2013) Analysis of TRBAC with Dynamic Temporal Role Hierarchies. Data and Applications Security and Privacy XXVII. DOI: 10.1007/978-3-642-39256-6_22, pp. 297-304. Online publication date: 2013
      • (2012) Multi-level delegations with trust management in access control systems. Journal of Intelligent Information Systems, 39:3. DOI: 10.1007/s10844-012-0205-8, pp. 611-626. Online publication date: 9-May-2012
      • (2012) An Approach for Consistent Delegation in Process-Aware Information Systems. Business Information Systems. DOI: 10.1007/978-3-642-30359-3_6, pp. 60-71. Online publication date: 2012
      • (2011) On the formalization and analysis of a spatio-temporal role-based access control model. Journal of Computer Security, 19:3. DOI: 10.5555/2011016.2011019, pp. 399-452. Online publication date: 1-Aug-2011
      • (2011) xDAuth. Proceedings of the 16th ACM symposium on Access control models and technologies. DOI: 10.1145/1998441.1998447, pp. 31-40. Online publication date: 15-Jun-2011
