http://dx.doi.org/10.9708/jksci.2022.27.02.107

APDM: Adding Attributes to Permission-Based Delegation Model

Kim, Si-Myeong (Department of Computer Science and Engineering, Dongguk University)
Han, Sang-Hoon (Dept. of Computer Information Security, Korea National University of Welfare)
Abstract
Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models perform role delegation as user-to-user delegation. However, in RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and the security principle of least privilege. ABDM, based on the RBAC model, supports both role-to-role and user-to-user delegation with an attribute. A delegator can give permission to a delegatee, and the permission can be withdrawn whenever the delegator wants.
Keywords
RBAC; Role; Delegation; Attribute; Permission;