Abstract
Provision for delegation of access privileges lends access control systems flexibility and context-awareness. The topic of delegation did not exist in classical computing security, but – as IT systems got more distributed and complex – provision for delegation became a necessary access-control feature, and consequently much effort has been dedicated to extend conventional access control models with delegation capability. Many such efforts have pivoted around the well-known Role-based Access Control (RBAC) model, mainly for compatibility reasons, as RBAC had already been considered the de facto industry standard – even before the need for delegation arose in enterprise information systems. However, delegation is arguably more discretionary in nature rather than role-based; especially for healthcare informatics which is the application domain for our proposed delegation framework. In this paper, we present a discretionary framework for delegation of access rights from a delegator to a delegatee by implementing a delegation-token and various stages of its life cycle in tamper-resistant devices including smartcards. The proposed framework is designed and implemented using our eTRON cybersecurity architecture which advocates use of public key cryptographic protocols for secure entity authentication, data integrity and data confidentiality.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
National Computer Security Center: A guide to understanding discretionary access control in trusted systems. Report NSCD-TG-003 Version 1 (1987)
Department of Defense (1985) Trusted computer system evaluation criteria. DoD 5200.28-STD, National Computer Security Center, USA
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)
Caumanns, J., Kuhlisch, R., Pfaff, O., Rode, O.: IHE IT infrastructure technical framework white paper – access control. http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_WhitePaper_AccessControl_2009-09-28.pdf (2009)
Health Level Seven International: HL7 implementation guide for CDA® release 2: digital signatures and delegation of rights, release 1. http://www.hl7.org/implement/standards/product_brief.cfm?product_id=375 (2014)
Sakamura, K., Koshizuka, N.: The eTRON wide-area distributed-system architecture for e-commerce. IEEE Micro 21(6), 7–12 (2001)
Rankl, W.: Smart card applications: design models for using and programming smart cards, 3rd edn. John Wiley & Sons Ltd., West Sussex (2007)
Yashiro, T., Khan, M.F.F., Ito, S., Bessho, M., Kobayashi, S., Usaka, T., Koshizuka, N., Sakamura, K.: eTNet: a smart card network architecture for flexible electronic commerce services. In: 4th IFIP International Conference on New Technologies, Mobility and Security, pp. 1–5 (2011)
Karp, A.H., Haury, H., Davis, M.H.: From ABAC to ZBAC: the evolution of access control models. Technical Report HPL-2009-30, HP Labs. http://www.hpl.hp.com/techreports/2009/HPL-2009-30.pdf (2009)
Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of National Information Systems Security Conference, pp. 101–114 (2000)
Barka, E., Sandhu, R.: Role-based delegation model/hierarchical roles. In: Proceedings of Computer Security Applications Conference, pp. 396–404 (2004)
Zhang, L., Ahn, G., Chu, B.T.: A rule-based framework for role based delegation. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, pp. 53–162 (2001)
Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, pp. 149–157 (2003)
Hasebe, K., Mabuchi, M., Matsushita, A.: Capability-based delegation model in RBAC. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, pp. 109–118 (2010)
Kagal, L., Finin, T., Joshi, A.: Trust-based security in pervasive computing environments. IEEE Comput. 34(12), 154–157 (2001)
Steffen, R., Knorr, R.: A trust-based delegation system for managing access control. In: Adjunct Proceedings, 3rd International Conference on Pervavise Computing. http://www.pervasive.ifi.lmu.de/adjunct-proceedings/poster/p001-005.pdf (2005)
YRP Ubiquitous Networking Laboratory: Programming manual of eTRON client library (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
The following shows API command specification for eopn_ses (cited from eTRON client library)
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Khan, M.F.F., Sakamura, K. (2016). A Discretionary Delegation Framework for Access Control Systems. In: Debruyne, C., et al. On the Move to Meaningful Internet Systems: OTM 2016 Conferences. OTM 2016. Lecture Notes in Computer Science(), vol 10033. Springer, Cham. https://doi.org/10.1007/978-3-319-48472-3_54
Download citation
DOI: https://doi.org/10.1007/978-3-319-48472-3_54
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48471-6
Online ISBN: 978-3-319-48472-3
eBook Packages: Computer ScienceComputer Science (R0)