Abstract
Graph-based approach to access control models have been studied by researchers due to its visualization, flexible representation and precise semantics. In this paper, we present a detailed graph-based algorithm to evaluate authorization delegations and resolve conflicts based on the shorter weighted path-take-precedence method. The approach makes it possible for administrators to control their granting of authorizations in a very flexible way. The correctness proof and time complexity of the algorithm are provided. We then consider how the authorization state can be changed, since in a dynamic environment an authorization state is not static. The detailed algorithm of state transformation and its correctness proof are also given.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Jaeger, T., Tidswell, J.E.: Practical safety in flexible access control models. ACM Trans. on Info. and System Security 4(2), 158–190 (2001)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: Administratice Scope in the Graph-Based Framework. In: Proceedings of the ninth ACM Symposium on Access control Models and Technologies, pp. 97–104 (2004)
Lipton, R.J., Snyder, L.: A Linear Time Algorithm for Deciding Subject Security. Journal of the ACM 24(3), 455–464 (1977)
Nyanchama, M., Osborn, S.L.: The Role Graph Model and Conflict of Interest. ACM Trans. on Info. and System Security 1(2), 3–33 (1999)
Rosen, K.H.: Discrete mathematics and its applications. McGraw-Hill Inc. Publishing Company, New York (1991)
Ruan, C., Varadharajan, V.: A weighted graph approach to authorization delegation and conflict resolution. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 402–413. Springer, Heidelberg (2004)
Sandhu, R.: A Perspective on Graphs and Access Control Models. In: Ehrig, H., Engels, G., Parisi-Presicce, F., Rozenberg, G. (eds.) ICGT 2004. LNCS, vol. 3256, pp. 2–12. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ruan, C., Varadharajan, V. (2006). Implementing Authorization Delegations Using Graph. In: Bressan, S., Küng, J., Wagner, R. (eds) Database and Expert Systems Applications. DEXA 2006. Lecture Notes in Computer Science, vol 4080. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11827405_88
Download citation
DOI: https://doi.org/10.1007/11827405_88
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37871-6
Online ISBN: 978-3-540-37872-3
eBook Packages: Computer ScienceComputer Science (R0)