Hierarchical Role-based Restricted Delegation Model and Simulation Analyzing

In distributed environments, delegation relationships across multiple security domains are ubiquitous. To satisfy the various restricted delegation requirements of actual applications, a Hierarchical Role-based Restricted Delegation Model (HRRDM) is proposed on the basis of existing work. The role tree is defined to solve the partial delegation problem, and the delegation spread tree and the role delegation chain are defined to solve the multi-step delegation problem and the multi-step delegation dependency problem, respectively. The delegation certification is proposed to support the requirements of temporary delegation, associated role delegation, partial delegation, and multi-step delegation in actual applications, and it effectively supports the dynamic granting and revocation of delegated roles. Finally, the extensive execution model of HRRDM is formalized and proved, and a simulation analysis of the execution model is given to validate its availability.