Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security

ISC 2009: Information Security pp 379–394Cite as

Towards Trustworthy Delegation in Role-Based Access Control Model

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5735))

Abstract

The need to delegate, which allows the temporary grant or transfer of access rights, arise in many applications. Although a lot of research appears in extending Role-Based Access Control (RBAC) to support delegation, not much appears on providing a formal basis for choosing delegatees. We provide an approach that allows one to assess the trustworthiness of potential delegatees in the context of the task that is to be delegated. It is also important to ensure that the choice of the delegatee does not cause any security policy violation. Towards this end, we show how to formally analyze the application using existing SAT solvers to get assurance that our choice of delegatee does not cause a security breach. Once the process of choosing delegatee can be formalized, it will be possible to automate delegation and use it for real-time applications.

This work was supported in part by AFOSR under contract number FA9550-07-1-0042.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barka, E., Sandhu, R.S.: A Role-Based Delegation Model and Some Extensions. In: Proceedings of the 23rd National Information Systems Security Conference (2000)

    Google Scholar 

  2. Joshi, J., Bertino, E.: Fine-grained role-based delegation in presence of the hybrid role hierarchy. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 81–90 (2006)

    Google Scholar 

  3. Joshi, J., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role-based access control model. IEEE Trans. Knowl. Data Eng. 17(1), 4–23 (2005)

    Article  Google Scholar 

  4. Zhang, L., Ahn, G.J., Chu, B.: A rule-based framework for role based delegation. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, pp. 153–162 (2001)

    Google Scholar 

  5. Wang, Q., Li, N., Chen, H.: On the security of delegation in access control systems. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 317–332. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  6. Zhang, X., Oh, S., Sandhu, R.S.: PBDM: A Flexible Delegation Model in RBAC. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, pp. 149–157 (2003)

    Google Scholar 

  7. Jackson, D.: Alloy 3.0 reference manual (2004), http://alloy.mit.edu/reference-manual.pdf

  8. Georg, G., Bieman, J., France, R.B.: Using Alloy and UML/OCL to Specify Run-Time Configurati on Management: A Case Study. In: Practical UML-Based Rigorous Development Methods - Countering or Integrating the eXtremists. LNI, vol. P-7, pp. 128–141. German Informatics Society (2001)

    Google Scholar 

  9. Taghdiri, M., Jackson, D.: A lightweight formal analysis of a multicast key management scheme. In: König, H., Heiner, M., Wolisz, A. (eds.) FORTE 2003, vol. 2767, pp. 240–256. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  10. Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 31–40 (2008)

    Google Scholar 

  11. Wang, Q., Li, N.: Satisfiability and resiliency in workflow systems. In: Proceedings of the 12th European Symposium on Research in Computer Security, pp. 90–105 (2007)

    Google Scholar 

  12. Jøsang, A.: Artificial reasoning with subjective logic. In: Proceedings of the 2nd Australian Workshop on Commonsense Reasoning (1997)

    Google Scholar 

  13. Jøsang, A.: An algebra for assessing trust in certification chains. In: Proceedings of the Network and Distributed Systems Security Symposium (1999)

    Google Scholar 

  14. Jøsang, A., Bhuiyan, T.: Optimal trust network analysis with subjective logic. In: Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies, pp. 179–184 (2008)

    Google Scholar 

  15. Jøsang, A., Gray, E., Kinateder, M.: Simplification and analysis of transitive trust networks. Web Intelligence and Agent Systems 4(2), 139–161 (2006)

    Google Scholar 

  16. Agudo, I., Lopez, J., Montenegro, J.A.: Enabling Attribute Delegation in Ubiquitous Environments. Mobile Networks and Applications 13(3-4), 398–410 (2008)

    Google Scholar 

  17. Chakraborty, S., Ray, I.: TrustBAC: integrating trust relationships into the RBAC model for access control in open systems. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 49–58 (2006)

    Google Scholar 

  18. Cruz, I.F., Gjomemo, R., Lin, B., Orsini, M.: A location aware role and attribute based access control system. In: Proceedings of the 16th ACM SIGSPATIAL International Symposium on Advances in Geographic Information Systems, p. 84 (2008)

    Google Scholar 

  19. Damiani, E., di Vimercati, S.D.C., Samarati, P.: New paradigms for access control in open environments. In: Proceedings of the 5th IEEE International Symposium on Signal Processing and Information Technology, pp. 540–545 (2005)

    Google Scholar 

  20. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 114–130 (2002)

    Google Scholar 

  21. Priebe, T., Dobmeier, W., Kamprath, N.: Supporting attribute-based access control with ontologies. In: Proceedings of the 1st International Conference on Availability, Reliability and Security, pp. 465–472 (2006)

    Google Scholar 

  22. Ray, I., Ray, I., Chakraborty, S.: An interoperable context sensitive model of trust. Journal of Intelligent Information Systems 32(1), 75–104 (2009)

    Article  Google Scholar 

  23. Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 45–55 (2004)

    Google Scholar 

  24. Zao, J., Wee, H., Chu, J., Jackson, D.: RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis (2002), http://alloy.mit.edu/publications.php

  25. Schaad, A., Moffett, J.D.: A Lightweight Approach to Specification and Analysis of Role-Based Access Control Extensions. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, pp. 13–22 (2002)

    Google Scholar 

  26. Agudo, I., Gago, M.C.F., Lopez, J.: A model for trust metrics analysis. In: Furnell, S.M., Katsikas, S.K., Lioy, A. (eds.) TrustBus 2008. LNCS, vol. 5185, pp. 28–37. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Colorado State University, Fort Collins, CO, 80523-1873

    Manachai Toahchoodee, Xing Xie & Indrakshi Ray

Authors
  1. Manachai Toahchoodee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xing Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Indrakshi Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’ Informazione, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, (CR), Italy

    Pierangela Samarati

  2. Computer Science Department, Google Inc. and Columbia University, Room 464, S.W. Mudd Building, 10027, New York, NY, USA

    Moti Yung

  3. Information Security Group, Pisa Research Area, Istituto di Informatica e Telematica - IIT Consiglio Nazionale delle Ricerche - C.N.R., Via. G. Moruzzi 1, 56125, Pisa, Italy

    Fabio Martinelli

  4. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, (CR), Italy

    Claudio A. Ardagna

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Toahchoodee, M., Xie, X., Ray, I. (2009). Towards Trustworthy Delegation in Role-Based Access Control Model. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation