Skip to main content
SpringerLink
Log in

Reasoning about Dynamic Delegation in Role Based Access Control Systems

  • Conference paper
Database Systems for Advanced Applications (DASFAA 2011)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6587))

Included in the following conference series:

Abstract

This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles’ privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Gelfond, M., Lifschitz, V.: Classical negation in logic programs and disjunctive databases. New Generation Computing 9, 365–385 (1991)

    Article  MATH  Google Scholar 

  2. Li, N., Tripunitara, M.V.: Security Analysis in Role-Based Access Control. ACM Transactions on Information and System Security 9(4), 391–420 (2006)

    Article  Google Scholar 

  3. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role based access control models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  4. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. 2(1), 105–135 (1999)

    Article  Google Scholar 

  5. Sandhu, R.S., Munawer, Q.: The ARBAC99 model for administration of roles. In: Proc of the 18th Annual Computer Security Applications Conference, pp. 229–238 (1999)

    Google Scholar 

  6. Schaad, A.: Conflict detection in a role-based delegation model. In: Proc. of Annual Computer Security Applications Conference (2001)

    Google Scholar 

  7. Schaad, A., Moffett, J., Jacob, J.: The role-based access control system of a European bank: A case study and discussion. In: Proc. of the Sixth SACMAT, pp. 3–9 (2001)

    Google Scholar 

  8. Oh, S., Sandhu, R.S.: A model for role admininstration using organization structure. In: Proc. of the Seventh SACMAT (2002)

    Google Scholar 

  9. Toahchoodee, M., Xie, X., Ray, I.: Towards trustworthy delegation in Role-Based Access Control Model. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 379–394. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Zhang, X., Oh, S., Sandhu, R.: PBDM: A flexible delegation model in RBAC. In: Proc. of the 8th ACM Symposium on Access Control Models and Technologies (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Western Sydney, Penrith South DC, NSW, 1797, Australia

    Chun Ruan & Vijay Varadharajan

  2. Macquarie University, North Ryde, NSW, 2109, Australia

    Vijay Varadharajan

Authors
  1. Chun Ruan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vijay Varadharajan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Systems Engineering and Engineering Management, The Chinese University of Hong Kong,, Shatin, N.T., Hong Kong, China

    Jeffrey Xu Yu

  2. Department of Computer Science, Korea Advanced Institute of Science and Technology (KAIST), 291 Daehak-ro (373-1 Guseong-don), Yuseong-gu, 305-701, Daejeon, Korea

    Myoung Ho Kim

  3. Institute for Computer Science and Business Information Systems (ICB), University of Duisburg-Essen, SchĂĽtzenbahn 70, 45117, Essen, Germany

    Rainer Unland

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ruan, C., Varadharajan, V. (2011). Reasoning about Dynamic Delegation in Role Based Access Control Systems. In: Yu, J.X., Kim, M.H., Unland, R. (eds) Database Systems for Advanced Applications. DASFAA 2011. Lecture Notes in Computer Science, vol 6587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20149-3_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-20149-3_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-20148-6

  • Online ISBN: 978-3-642-20149-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation