Abstract
The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the administration and delegation of obligations. Managing such delegations implies more requirements than managing traditional privileges delegation. In fact, delegating obligations may include two interpretations: the delegation of the obligation and the delegation of the responsibility related to this obligation. Therefore, it is important to deal with these two notions separately. Moreover, since delegating an obligation involves the delegation of sanctions, then the consent of the user who receives this delegation may be required in some cases. We address in this paper these requirements and we propose a formalism to deal with them.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Ben-Ghorbel, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: Managing Delegation in Access Control Models. In: ADCOM (2007)
Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: Revocation schemes for delegation licences. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 190–205. Springer, Heidelberg (2008)
Bettini, C., Jajodia, S., Wang, X., Wijesekera, D.: Obligation Monitoring in Policy Management. In: POLICY (2002)
Cuppens, F., Cuppens-Boulahia, N., Sans, T.: Nomad: a Security Model with Non Atomic Actions and Deadlines. In: CSFW (2005)
Gama, P., Ferreira, P.: Obligation Policies: An Enforcement Platform. In: POLICY (2005)
Park, J., Sandhu, R.: The UCON ABC Usage Control Model. TISSEC 7(1) (2004)
Pretschner, A., Hilty, M., Basin, D.: Distributed Usage Control. Communications of the ACM (2006)
Cole, J., Derrick, J., Milosevic, Z., Raymond, K.: Author obliged to submit paper before 4 july: Policies in an enterprise specification. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, p. 1. Springer, Heidelberg (2001)
Pacheco, O., Santos, F.: Delegation in a role-based organization. In: Lomuscio, A., Nute, D. (eds.) DEON 2004. LNCS, vol. 3065, pp. 209–227. Springer, Heidelberg (2004)
Schaad, A., Moffett, J.D.: Delegation of Obligations. In: POLICY (2002)
Abou-El-Kalam, A., Benferhat, S., Miège, A., Baida, R.E., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization Based Access Control. In: POLICY (2003)
Cuppens, F., Cuppens, N.: Modeling Contextual Security Policies. IJIS 7 (2008)
Cuppens, F., Miège, A.: Administration Model for Or-BAC. CSSE 19(3) (2004)
Cuppens, F., Cuppens-Boulahia, N., Coma, C.: Multi-Granular Licences to Decentralize Security Administration. In: SSS/WRAS (2007)
Kagal, L., Finin, T.: Modeling Conversation Policies using Permissions and Obligations. JAAMAS 14(2) (2007)
Cuppens, F., Cuppens-Boulahia, N., Ben-Ghorbel, M.: High Level Conflict Management Strategies in Advanced Access Control Models. ENTCS 186 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A. (2009). An Extended Role-Based Access Control Model for Delegating Obligations. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2009. Lecture Notes in Computer Science, vol 5695. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03748-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-03748-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03747-4
Online ISBN: 978-3-642-03748-1
eBook Packages: Computer ScienceComputer Science (R0)