Abstract
The role-based delegation model (RBDM), based on role-based access control (RBAC), has proven to be a flexible and useful access control model for information sharing in distributed collaborative environments. Authorization is an important function of RBDM in a distributed environment, where a conflict may arise when one user grants a permission of a role to a delegated user and another user grants the negative permission to the same delegated user.
This paper aims to analyse role-based group delegation features that have not been studied before, and to provide an approach to the conflict problem by adopting negative authorization. We first present granting and revocation delegation models, and then discuss user delegation authorization and the impact of negative authorization on role hierarchies.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, H., Cao, J., Ross, D. (2006). Role-Based Delegation with Negative Authorization. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds) Frontiers of WWW Research and Development - APWeb 2006. APWeb 2006. Lecture Notes in Computer Science, vol 3841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11610113_28
DOI: https://doi.org/10.1007/11610113_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31142-3
Online ISBN: 978-3-540-32437-9
eBook Packages: Computer Science, Computer Science (R0)