Towards Trustworthy Delegation in Role-Based Access Control Model

The need to delegate, which allows the temporary grant or transfer of access rights, arise in many applications. Although a lot of research appears in extending Role-Based Access Control (RBAC) to support delegation, not much appears on providing a formal basis for choosing delegatees. We provide an approach that allows one to assess the trustworthiness of potential delegatees in the context of the task that is to be delegated. It is also important to ensure that the choice of the delegatee does not cause any security policy violation. Towards this end, we show how to formally analyze the application using existing SAT solvers to get assurance that our choice of delegatee does not cause a security breach. Once the process of choosing delegatee can be formalized, it will be possible to automate delegation and use it for real-time applications.

[1]  Nora Kamprath,et al.  Supporting attribute-based access control with ontologies , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[2]  Javier López,et al.  A Model for Trust Metrics Analysis , 2008, TrustBus.

[3]  Audun J sang,et al.  An Algebra for Assessing Trust in Certi cation Chains , 1998 .

[4]  Ravi Sandhu,et al.  A Role-Based Delegation Model and Some Extensions , 2000 .

[5]  Elisa Bertino,et al.  A generalized temporal role-based access control model , 2005, IEEE Transactions on Knowledge and Data Engineering.

[6]  Javier López,et al.  Enabling Attribute Delegation in Ubiquitous Environments , 2008, Mob. Networks Appl..

[7]  Indrajit Ray,et al.  TrustBAC: integrating trust relationships into the RBAC model for access control in open systems , 2006, SACMAT '06.

[8]  Hong Chen,et al.  On the Security of Delegation in Access Control Systems , 2008, ESORICS.

[9]  Sushil Jajodia,et al.  A logic-based framework for attribute based access control , 2004, FMSE '04.

[10]  Isabel F. Cruz,et al.  A location aware role and attribute based access control system , 2008, GIS '08.

[11]  Jason Crampton,et al.  Delegation and satisfiability in workflow systems , 2008, SACMAT '08.

[12]  Ravi S. Sandhu,et al.  PBDM: a flexible delegation model in RBAC , 2003, SACMAT '03.

[13]  Elisa Bertino,et al.  Fine-grained role-based delegation in presence of the hybrid role hierarchy , 2006, SACMAT '06.

[14]  Indrajit Ray,et al.  An interoperable context sensitive model of trust , 2009, Journal of Intelligent Information Systems.

[15]  Andreas Schaad,et al.  A lightweight approach to specification and analysis of role-based access control extensions , 2002, SACMAT '02.

[16]  Audun Jøsang,et al.  Optimal Trust Network Analysis with Subjective Logic , 2008, 2008 Second International Conference on Emerging Security Information, Systems and Technologies.

[17]  E. Damiani,et al.  New paradigms for access control in open environments , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[18]  Gail-Joon Ahn,et al.  A rule-based framework for role based delegation , 2001, SACMAT '01.

[19]  Ninghui Li,et al.  Satisfiability and Resiliency in Workflow Systems , 2007, ESORICS.

[20]  Audun Jøsang,et al.  An Algebra for Assessing Trust in Certification Chains , 1999, NDSS.

[21]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[22]  A. Jøsang Artificial Reasoning with Subjective Logic , 2008 .

[23]  Mana Taghdiri,et al.  A Lightweight Formal Analysis of a Multicast Key Management Scheme , 2003, FORTE.

[24]  Adam Wolisz,et al.  Formal Techniques for Networked and Distributed Systems - FORTE 2003 , 2003, Lecture Notes in Computer Science.

[25]  Audun Jøsang,et al.  Simplification and analysis of transitive trust networks , 2006, Web Intell. Agent Syst..

[26]  Martín Abadi,et al.  Code-Carrying Authorization , 2008, ESORICS.