http://dx.doi.org/10.9708/jksci.2010.15.11.163

A Time Constraints Permission Based Delegation Model in RBAC  

Kim, Tae-Shik (Department of Computer Engineering, Dongguk University)
Chang, Tae-Mu (Department of Computer Engineering, School of IT, Dongguk University)
Abstract
RBAC (Role-Based Access Control) has advantages in managing access control because it offers role inheritance and separation of duty in role hierarchy structures. Delegation is a mechanism for assigning access rights to a user. The RBDM0 and RDM2000 models deal with user-to-user delegation, and the unit of delegation in them is a role. However, RBAC does not effectively handle the delegation of roles or permissions that occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model (TCPBDM) that guarantees permanency of delegated permissions and does not violate the security principles of least privilege and separation of duty. TCPBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation with time constraints. A delegator can give a permission to a specific person, the delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.
Keywords
RBAC96; Delegation Model; Time Constraints; TCPBDM