Static and Dynamic Delegation in the Role Graph Model

Delegation in access control is used to deal with exceptional circumstances, when a regular user is unable to perform their normal job and delegates all or part of it to others. These situations can be anticipated and built into the security design as static delegation; however, unforeseen circumstances can still occur, requiring dynamic delegation to be specified at runtime. This paper presents both static and dynamic delegation in the context of the Role Graph Model (RGM). To properly capture runtime events, we add sessions to the RGM. We then introduce session-oriented, dynamic delegation, a new concept in RBAC models, using an edge-labeling method. Constraints applicable to both static and dynamic delegation are examined.
