http://dx.doi.org/10.13089/JKIISC.2003.13.4.129

A Role-Based Delegation Model Using Role Hierarchy with Restricted Permission Inheritance  

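박종순 (Chonnam National University, Interdisciplinary Program of Information Security)
이영록 (Chonnam National University, Department of Computer Science)
이형효 (Wonkwang University, Division of Information and Electronic Commerce)
노봉남 (Chonnam National University, Department of Computer Science)
조상래 (Electronics and Telecommunications Research Institute (ETRI), Information Security Research Division, Authentication Infrastructure Research Team)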
Abstract
The Role-Based Access Control (RBAC) model is becoming a promising model for enterprise environments with various organization structures. In a role hierarchy, each senior role inherits all the permissions of its junior roles, and a user who is a member of a senior role is authorized to carry out the inherited permissions as well as his/her own. This creates the possibility that senior role members abuse permissions. Since senior role members need not have all the authority of junior roles in the real world, enterprise environments require restricted inheritance rather than unconditional or blocked inheritance. In this paper, we propose a new role-based delegation model using the role hierarchy model with restricted inheritance functionality, in which a security administrator can easily control permission inheritance behavior using sub-roles. We also describe how role-based user-to-user and role-to-role delegations are accomplished in the model, and the characteristics of the proposed role-based delegation model.
Keywords
Role-based Access Control; Delegation; Role Hierarchy;