A delegation model for extended RBAC

  • Regular Contribution
  • International Journal of Information Security

Abstract

In the field of access control, delegation is an important aspect that is considered part of the administration mechanism. Thus, a comprehensive access control model must provide a flexible administration model to manage delegation and revocation. Unfortunately, to the best of our knowledge, there is no complete model for describing all delegation requirements for role-based access control. Therefore, proposed models are often extended to support new delegation or revocation characteristics, which is a complex task to manage and requires the redefinition of these models. Moreover, since delegation is modelled separately from administration, this requires the specification of a separate security policy to deal with delegation. In this paper, we describe a new delegation approach for extended role-based access control models. We show that our approach is flexible and is sufficient to deal with administration and delegation requirements in a homogeneous unified framework. Moreover, it provides means to express various delegation and revocation dimensions in a simple manner.

Author information

Corresponding author

Correspondence to Meriam Ben-Ghorbel-Talbi.

About this article

Cite this article

Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N. et al. A delegation model for extended RBAC. Int. J. Inf. Secur. 9, 209–236 (2010). https://doi.org/10.1007/s10207-010-0104-3

  • DOI: https://doi.org/10.1007/s10207-010-0104-3
