ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A fine-grained, controllable, user-to-user delegation method in RBAC
Full text PdfPdf (163 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the tenth ACM symposium on Access control models and technologies table of contents
Stockholm, Sweden
SESSION: Access control model II table of contents
Pages: 59 - 66  
Year of Publication: 2005
ISBN:1-59593-045-0
Authors
Jacques Wainer  State University of Campinas, Campinas, Brazil
Akhil Kumar  Penn State University, University Park, PA
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 8,   Downloads (12 Months): 78,   Citation Count: 5
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1063979.1063991
What is a DOI?

ABSTRACT

This paper addresses the issues surrounding user-to-user delegation in RBAC. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. A special feature of the model is that it allows fine-grained control over what rights a user wishes to delegate as opposed to delegation at the role level where all the rights of a role must be delegated. In addition, the model provides a rich set of controls regarding further delegations of a right, generic constraints that further control delegations, and an innovative model for revocations. Properties of both delegation and revocation are discussed, and our work is compared with other related research.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Vijayalakshmi Atluri , Avigdor Gal, An authorization model for temporal and derived data: securing information portals, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.62-94, February 2002  [doi>10.1145/504909.504912]
2
Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002  [doi>10.1145/581271.581276]
 
3
E. Barka , R. Sandhu, Framework for role-based delegation models, Proceedings of the 16th Annual Computer Security Applications Conference, p.168, December 11-15, 2000
 
4
Ezedin S. Barka and Ravi Sandhu. A role-based delegation model and some extensions. In 23rd National Information Systems Security Conference, October 2000. http://csrc.nist.gov/nissc/2000/proceedings/papers/021.pdf.
5
Evgeny Dantsin , Thomas Eiter , Georg Gottlob , Andrei Voronkov, Complexity and expressive power of logic programming, ACM Computing Surveys (CSUR), v.33 n.3, p.374-425, September 2001  [doi>10.1145/502807.502810]
6
Ronald Fagin, On an authorization mechanism, ACM Transactions on Database Systems (TODS), v.3 n.3, p.310-319, Sept. 1978  [doi>10.1145/320263.320288]
7
Cheh Goh , Adrian Baldwin, Towards a more complete model of role, Proceedings of the third ACM workshop on Role-based access control, p.55-62, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286898]
8
Patricia P. Griffiths , Bradford W. Wade, An authorization mechanism for a relational database system, ACM Transactions on Database Systems (TODS), v.1 n.3, p.242-255, Sept. 1976  [doi>10.1145/320473.320482]
 
9
Åsa Hagström , Sushil Jajodia , Francesco Parisi-Presicce , Duminda Wijesekera, Revocations-A Classification, Proceedings of the 14th IEEE Workshop on Computer Security Foundations, p.44, June 11-13, 2001
 
10
JongSoon Park, YoungLok Lee, HyungHyo Lee, and BongNam Noh. A role-based delegation model using role hierarchy supporting restricted permission inheritance. In Proceedings of the International Conference on Security and Management, SAM '03, pages 294--302. CSREA Press, 2003.
 
11
Chun Ruan , Vijay Varadharajan, Resolving Conflicts in Authorization Delegations, Proceedings of the 7th Australian Conference on Information Security and Privacy, p.271-285, July 03-05, 2002
 
12
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
13
Ravi Sandhu , Qamar Munawer, The ARBAC99 Model for Administration of Roles, Proceedings of the 15th Annual Computer Security Applications Conference, p.229, December 06-10, 1999
14
Roberto Tamassia , Danfeng Yao , William H. Winsborough, Role-based cascaded delegation, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990061]
 
15
Jacques Wainer, Paulo Barthelmess, and Akhil Kumar. WRBAC - a workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems, 12(4):455--486, 2003.
 
16
Walt Yao. Fidelis: A policy-driven trust management framework. In Trust Management, First International Conference, iTrust, volume 2692 of Lecture Notes in Computer Science, pages 301--317. Springer, 2003.
17
Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.404-441, August 2003  [doi>10.1145/937527.937530]
18
Xinwen Zhang , Sejong Oh , Ravi Sandhu, PBDM: a flexible delegation model in RBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775431]

CITED BY  5
He Wang , Sylvia L. Osborn, Delegation in the role graph model, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
James B. D. Joshi , Elisa Bertino, Fine-grained role-based delegation in presence of the hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
Jacques Wainer , Akhil Kumar , Paulo Barthelmess, DW-RBAC: A formal security model of delegation and revocation in workflow systems, Information Systems, v.32 n.3, p.365-384, May, 2007
Quan Pham , Jason Reid , Adrian McCullagh , Ed Dawson, Commitment issues in delegation process, Proceedings of the sixth Australasian conference on Information security, January 01-01, 2008, Wollongong, NSW, Australia
M.A.C. Dekker , J. Crampton , S. Etalle, RBAC administration in distributed systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Security


Keywords:
RBAC, access control, delegation, revocation

Collaborative Colleagues:
Jacques Wainer: colleagues
Akhil Kumar: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player