A rule-based framework for role based delegation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A rule-based framework for role based delegation

Full text

Pdf (238 KB)

Source

ACM Workshop on Role Based Access Control archive
Proceedings of the sixth ACM symposium on Access control models and technologies table of contents

Chantilly, Virginia, United States

Pages: 153 - 162

Year of Publication: 2001

ISBN:1-58113-350-2

Authors

Longhua Zhang	UNC Charlotte, Charlotte, NC
Gail-Joon Ahn	UNC Charlotte, Charlotte, NC
Bei-Tseng Chu	UNC Charlotte, Charlotte, NC

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 46, Citation Count: 15

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/373256.373289 What is a DOI?

ABSTRACT

In current role-based systems, security officers handle assignments of users to roles. However, fully depending on this functionality may increase management efforts in a distributed environment because of the continuous involvement from security officers. The emerging technology of role-based delegation provides a means for implementing RBAC in a distributed environment with empowerment of individual users. The basic idea behind a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a role-based delegation model called RDM2000 (role-based delegation model 2000), which is an extension of RBDM0 by supporting hierarchical roles and multi-step delegation. The paper explores different approaches for delegation and revocation. Also, a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Gail-Joon Ahn , Ravi Sandhu, The RSL99 language for role-based separation of duty constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.43-54, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319176]
	2	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	3	Tuomas Aura, Distributed access-rights management with delegation certificates, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	4	Matt Blaze , Joan Feigenbaum , John Ioannidis , Angelos D. Keromytis, The role of trust management in distributed systems security, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	5	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	6	Venkata Bhamidipati and Ravi Sandhu. Push Architectures for USER ROLE Assignment. Proceedings of 23 rd National Information Systems Security Conference, pages 89-100, Baltimore, Oct. 16-19, 2000
	7	Ezedin Barka and Ravi Sandhu. A Role-based Delegation Model and Some Extensions. Proceedings of 16 th Annual Computer Security Application Conference, Sheraton New Orleans, Dec. 11-15, 2000
	8	Ezedin Barka and Ravi Sandhu. Framework for Role-Based Delegation Model. Proceedings of 23 rd National Information Systems Security Conference, pages 101- 114, Baltimore, Oct. 16-19, 2000
	9	David Ferriaolo, Janet Cugini, and Richard Kuhn. Role-based access control (RBAC): Features and Motivations. Proceeding s of 11 th Annual Computer Security Application Conference, pages 241-248, New Orleans, LA, Dec 11-15 1995.
	10	H. M. Gladney, Access control for large collections, ACM Transactions on Information Systems (TOIS), v.15 n.2, p.154-194, April 1997 [doi>10.1145/248625.248652]
	11	Morrie Gasser, Ellen McDermott. An Architecture for Practical Delegation a Distributed System. 1990 IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, CA, May 7-9,1990
	12	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	13	Ninghui Li , Joan Feigenbaum , Benjamin N. Grosof, A Logic-based Knowledge Representation for Authorization with Delegation, Proceedings of the 1999 IEEE Computer Security Foundations Workshop, p.162, June 28-30, 1999
	14	Ninghui Li , Benjamin Grosof , Joan Feigenbaum, A Practically Implementable and Tractable Delegation Logic, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.27, May 14-17, 2000
	15	John Linn , Magnus Nyström, Attribute certification: an enabling technology for delegation and role-based controls in distributed environments, Proceedings of the fourth ACM workshop on Role-based access control, p.121-130, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319183]
	16	Ravi Sandhu, Rationale for the RBAC96 family of access control models, Proceedings of the first ACM Workshop on Role-based access control, p.9-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States [doi>10.1145/270152.270167]
	17	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999 [doi>10.1145/300830.300839]
	18	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	19	Serge Abiteboul , Stéphane Grumbach, A rule-based language with functions and sets, ACM Transactions on Database Systems (TODS), v.16 n.1, p.1-30, March 1991 [doi>10.1145/103140.103141]
	20	C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, T. Ylonen. SPKI Certificate Theory, RFC2693, http://www.ietf.org/rfc/rfc2693.txt, 1999

CITED BY 15

	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A role-based delegation framework for healthcare information systems, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Andreas Schaad , Jonathan Moffett, Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus
	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.404-441, August 2003
	Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, A role administration system in role-based authorization infrastructures: design and implementation, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
	Chunxiao Ye , Yunqing Fu , Zhongfu Wu, An attribute-based-delegation-model, Proceedings of the 3rd international conference on Information security, November 14-16, 2004, Shanghai, China
	Shihyu Chou , Eric Jui-Lin Lu , Yi-Hui Chen, X-RDR: a role-based delegation processor for web-based information systems, ACM SIGOPS Operating Systems Review, v.39 n.1, p.4-21, January 2005
	Vijayalakshmi Atluri , Janice Warner, Supporting conditional delegation in secure workflow management systems, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	William Tolone , Gail-Joon Ahn , Tanusree Pai , Seng-Phil Hong, Access control in collaborative systems, ACM Computing Surveys (CSUR), v.37 n.1, p.29-41, March 2005
	Xinwen Zhang , Sejong Oh , Ravi Sandhu, PBDM: a flexible delegation model in RBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, On modeling system-centric information for role engineering, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Hidehito Gomi , Makoto Hatakeyama , Shigeru Hosono , Satoru Fujita, A delegation framework for federated identity management, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA
	Hua Wang , Jiuyong Li , Ron Addie , Stijn Dekeyser , Richard Watson, A framework for role-based group deligation in distributed environments, Proceedings of the 29th Australasian Computer Science Conference, p.321-328, January 16-19, 2006, Hobart, Australia
	He Wang , Sylvia L. Osborn, Delegation in the role graph model, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Andreas Schaad , Volkmar Lotz , Karsten Sohr, A model-checking approach to analysing organisational controls in a loan origination process, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Quan Pham , Jason Reid , Adrian McCullagh , Ed Dawson, Commitment issues in delegation process, Proceedings of the sixth Australasian conference on Information security, January 01-01, 2008, Wollongong, NSW, Australia