Abstract
Role-Based Access Control (RBAC) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls [7]. RBAC ensures that only authorized users are given access to protected data or resources. A successful marriage of Web and RBAC technology can support effective security in large-scale enterprise-wide systems with various organization structures. Most large organizations have some business rules related to access control policy. Delegation of authority is an important one of these rules [1]. RBDM0, RDM2000 and PBDM are recently published models for role-based delegation. RBDM0 and RDM2000 deal with user-to-user delegation and total delegation. PBDM supports user-to-user and role-to-role delegation, and supports both role-level and permission-level delegation, which provides great flexibility in authority management. However, PBDM does not support constraints in RBAC delegation models, such as separation of duty in user-to-user and role-to-role delegation. This paper proposes a new delegation model using characteristics of permissions, in which a security administrator can easily perform partial delegation, permission-level delegation and restricted inheritance. It supports flexible delegation by dividing a role into sub-roles according to the characteristics of the permissions assigned to the role, and by considering delegation and inheritance simultaneously. It provides flexibility in authority management, such as multi-step delegation, multi-option revocation and controlled inheritance, by including characteristics of PBDM and the sub-role hierarchies concept. It also supports constraints such as permission-based separation of duty in user-to-user and role-to-role delegation.
This work was supported by the Korea Research Foundation Grant (KRF-2004-002-D00391).
References
Zhang, X., Oh, S., Sandhu, R.: PBDM: A Flexible Delegation Model in RBAC. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), June 2003, pp. 149–157 (2003)
Lee, H., Lee, Y., Noh, B.: A new Role-Based Delegation Model Using Sub-role Hierarchies. In: Yazıcı, A., Şener, C. (eds.) ISCIS 2003. LNCS, vol. 2869, pp. 811–818. Springer, Heidelberg (2003)
Yi, Y., Kim, M., Lee, Y., Lee, H., Noh, B.: Applying RBAC Providing Restricted Permission Inheritance to a Corporate Web Environment. In: Zhou, X., Zhang, Y., Orlowska, M.E. (eds.) APWeb 2003. LNCS, vol. 2642, pp. 287–292. Springer, Heidelberg (2003)
Zhang, L., Ahn, G.-J., Chu, B.-T.: A rule-based Framework for Role-Based Delegation. In: Proc. 6th ACM Symposium on Access Control Models and Technologies (SACMAT 2001) (May 2001)
Barka, E., Sandhu, R.: A Role-Based Delegation Model and Some Extensions. In: Proc. of 23rd National Information Systems Security Conference (NISSC 2000) (December 2000)
Barka, E., Sandhu, R.: Framework for Role-Based Delegation Models. In: Proc. of 16th Annual Computer Security Application Conference (ACSAC 2000) (December 2000)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2) (February 1996)
Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC 1997 Model for Role-Based Administration of Roles. ACM Transactions on Information and System Security 2(1) (February 1999)
Crampton, J.: Specifying and Enforcing Constraints in Role-Based Access Control. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), June 2003, pp. 43–50 (2003)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, DG., Lee, YR. (2005). A Flexible Role-Based Delegation Model Using Characteristics of Permissions. In: Andersen, K.V., Debenham, J., Wagner, R. (eds) Database and Expert Systems Applications. DEXA 2005. Lecture Notes in Computer Science, vol 3588. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11546924_31
DOI: https://doi.org/10.1007/11546924_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28566-3
Online ISBN: 978-3-540-31729-6
eBook Packages: Computer Science, Computer Science (R0)