Issue No.10 - October (2011 vol.23)
pp: 1569-1582
He Wang, The University of Western Ontario, London
Sylvia L. Osborn, The University of Western Ontario, London
ABSTRACT
Delegation in access control is used to deal with exceptional circumstances, when a regular user is unable to perform their normal job and delegates all or part of it to others. These situations can be anticipated and built into the security design as static delegation; however, unforeseen circumstances can still occur, requiring dynamic delegation to be specified at runtime. This paper presents both static and dynamic delegation in the context of the Role Graph Model. To properly capture runtime events, we add sessions to the RGM. We then introduce session-oriented, dynamic delegation, a new concept in RBAC models, using an edge-labeling method. Constraints applicable to both static and dynamic delegation are examined.
INDEX TERMS
Access controls, security, integrity, and protection.
CITATION
He Wang, Sylvia L. Osborn, "Static and Dynamic Delegation in the Role Graph Model", IEEE Transactions on Knowledge & Data Engineering, vol.23, no. 10, pp. 1569-1582, October 2011, doi:10.1109/TKDE.2010.205