Delegation in the role graph model

We present a model for delegation that is based on our decentralized administrative role graph model. We use a combination of user/group assignment and user-role assignment to support user-to-user, permission-to-user and role-to-role delegation. A powerful source-dependent revocation algorithm is described. We separate our delegation model into static and dynamic models, then discuss the static model and its operations. We provide detailed partial revocation algorithms. We also give details concerning changes to the role hierarchy, user/group structure and RBAC operations that are affected by delegation.
