A rule-based framework for role based delegation

In current role-based systems, security officers handle assignments of users to roles. However, fully depending on this functionality may increase management efforts in a distributed environment because of the continuous involvement from security officers. The emerging technology of role-based delegation provides a means for implementing RBAC in a distributed environment with empowerment of individual users. The basic idea behind a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a role-based delegation model called RDM2000 (role-based delegation model 2000), which is an extension of RBDM0 by supporting hierarchical roles and multi-step delegation. The paper explores different approaches for delegation and revocation. Also, a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.
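The abstract describes three ideas that are easy to misread without something concrete: a role hierarchy (a senior role inherits its junior roles), multi-step delegation (a delegatee may in turn delegate, up to some chain length), and revocation that either does or does not cascade down such a chain. The toy model below is an added illustration written for this page; it is not RDM2000, RBDM0 or any code from the paper. The depth limit, the "delegator must hold the role" check, the cascading rule, and the role and user names are all assumptions chosen to make the behaviour visible.

```python
from collections import defaultdict


class DelegationModel:
    """Toy role-based delegation with a role hierarchy (added illustration)."""

    def __init__(self, max_depth=2):
        # role -> roles directly junior to it (a senior role inherits its juniors)
        self.juniors = defaultdict(set)
        # user -> roles assigned by the security officer (original members)
        self.assigned = defaultdict(set)
        # (delegatee, role) -> (delegator, depth) for user-to-user delegations
        self.delegated = {}
        # assumption: longest delegation chain allowed (0 = original member)
        self.max_depth = max_depth

    def add_hierarchy(self, senior, junior):
        self.juniors[senior].add(junior)

    def assign(self, user, role):
        self.assigned[user].add(role)

    def dominated(self, role):
        """Return the role plus every role below it in the hierarchy."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def effective_roles(self, user):
        explicit = set(self.assigned[user]) | {r for (u, r) in self.delegated if u == user}
        return set().union(*(self.dominated(r) for r in explicit))

    def has_role(self, user, role):
        return role in self.effective_roles(user)

    def depth_of(self, user, role):
        """0 for an original member (directly or via a senior role), the chain
        depth for a delegated member, None if the user does not hold the role."""
        for r in self.assigned[user]:
            if role in self.dominated(r):
                return 0
        depths = [d for (u, r), (_, d) in self.delegated.items()
                  if u == user and role in self.dominated(r)]
        return min(depths) if depths else None

    def can_delegate(self, delegator, delegatee, role):
        depth = self.depth_of(delegator, role)
        if depth is None:
            return False, "delegator does not hold the role"
        if depth >= self.max_depth:
            return False, "maximum delegation depth reached"
        if self.has_role(delegatee, role):
            return False, "delegatee already holds the role"
        return True, "ok"

    def delegate(self, delegator, delegatee, role):
        ok, reason = self.can_delegate(delegator, delegatee, role)
        if ok:
            self.delegated[(delegatee, role)] = (delegator, self.depth_of(delegator, role) + 1)
        return ok, reason

    def revoke(self, delegator, delegatee, role, cascade=True):
        """Remove one delegation; with cascade, also remove every delegation the
        delegatee can no longer back once this one is gone."""
        rec = self.delegated.get((delegatee, role))
        if rec is None or rec[0] != delegator:
            return False
        del self.delegated[(delegatee, role)]
        if cascade:
            for (u, r), (d, _) in list(self.delegated.items()):
                if d == delegatee and not self.has_role(delegatee, r):
                    self.revoke(delegatee, u, r, cascade=True)
        return True


def demo(cascade=True):
    """Constructed scenario: alice is an original project_lead, which dominates developer."""
    m = DelegationModel(max_depth=2)
    m.add_hierarchy("project_lead", "developer")
    m.assign("alice", "project_lead")
    trace = {
        "alice->bob": m.delegate("alice", "bob", "developer"),      # depth 1
        "bob->carol": m.delegate("bob", "carol", "developer"),      # depth 2
        "carol->dave": m.delegate("carol", "dave", "developer"),    # blocked: depth limit
        "bob->erin": m.delegate("bob", "erin", "project_lead"),     # blocked: bob lacks it
    }
    m.revoke("alice", "bob", "developer", cascade=cascade)
    trace["bob_after"] = m.has_role("bob", "developer")
    trace["carol_after"] = m.has_role("carol", "developer")
    return trace


if __name__ == "__main__":
    print(demo(cascade=True))
    print(demo(cascade=False))
```

Running `demo(cascade=True)` shows carol losing the role when alice revokes bob's delegation, while `demo(cascade=False)` leaves carol holding a role whose chain no longer leads back to an original member; that dangling state is exactly why a deployment has to pick one revocation semantics deliberately rather than by accident.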
