A Flexible Role-Based Delegation Model Using Characteristics of Permissions

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3588)

Abstract

Role-Based Access Control (RBAC) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls [7]. RBAC ensures that only authorized users are given access to protected data or resources. A successful marriage of Web and RBAC technology can support effective security in large-scale, enterprise-wide systems with various organizational structures. Most large organizations have business rules related to access control policy, and delegation of authority is an important one of these rules [1]. RBDM0, RDM2000 and PBDM are recently published models for role-based delegation. RBDM0 and RDM2000 deal with user-to-user delegation and total delegation. PBDM supports user-to-user and role-to-role delegation, and supports both role-level and permission-level delegation, which provides great flexibility in authority management. However, PBDM does not support constraints in RBAC delegation models, such as separation of duty in user-to-user and role-to-role delegation. This paper proposes a new delegation model using characteristics of permissions, in which a security administrator can easily perform partial delegation, permission-level delegation and restricted inheritance. It supports flexible delegation by dividing a role into sub-roles according to the characteristics of the permissions assigned to the role, and by considering delegation and inheritance simultaneously. It provides flexibility in authority management, such as multi-step delegation, multi-option revocation and controlled inheritance, by incorporating characteristics of PBDM and the sub-role hierarchy concept. It also supports constraints such as permission-based separation of duty in user-to-user and role-to-role delegation.

This work was supported by the Korea Research Foundation Grant (KRF-2004-002-D00391).


References

  1. Zhang, X., Oh, S., Sandhu, R.: PBDM: A Flexible Delegation Model in RBAC. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), June 2003, pp. 149–157 (2003)

  2. Lee, H., Lee, Y., Noh, B.: A New Role-Based Delegation Model Using Sub-role Hierarchies. In: Yazıcı, A., Şener, C. (eds.) ISCIS 2003. LNCS, vol. 2869, pp. 811–818. Springer, Heidelberg (2003)

  3. Yi, Y., Kim, M., Lee, Y., Lee, H., Noh, B.: Applying RBAC Providing Restricted Permission Inheritance to a Corporate Web Environment. In: Zhou, X., Zhang, Y., Orlowska, M.E. (eds.) APWeb 2003. LNCS, vol. 2642, pp. 287–292. Springer, Heidelberg (2003)

  4. Zhang, L., Ahn, G.-J., Chu, B.-T.: A Rule-Based Framework for Role-Based Delegation. In: Proc. 6th ACM Symposium on Access Control Models and Technologies (SACMAT 2001) (May 2001)

  5. Barka, E., Sandhu, R.: A Role-Based Delegation Model and Some Extensions. In: Proc. of 23rd National Information Systems Security Conference (NISSC 2000) (December 2000)

  6. Barka, E., Sandhu, R.: Framework for Role-Based Delegation Models. In: Proc. of 16th Annual Computer Security Application Conference (ACSAC 2000) (December 2000)

  7. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2) (February 1996)

  8. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC 1997 Model for Role-Based Administration of Roles. ACM Transactions on Information and System Security 2(1) (February 1999)

  9. Crampton, J.: Specifying and Enforcing Constraints in Role-Based Access Control. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), June 2003, pp. 43–50 (2003)

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

Cite this paper

Park, DG., Lee, YR. (2005). A Flexible Role-Based Delegation Model Using Characteristics of Permissions. In: Andersen, K.V., Debenham, J., Wagner, R. (eds) Database and Expert Systems Applications. DEXA 2005. Lecture Notes in Computer Science, vol 3588. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11546924_31

  • DOI: https://doi.org/10.1007/11546924_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28566-3

  • Online ISBN: 978-3-540-31729-6

  • eBook Packages: Computer Science, Computer Science (R0)
