http://dx.doi.org/10.3745/KIPSTC.2006.13C.6.725

An Advanced Permission-Based Delegation Model in RBAC  

Kim, Tae-Shik (Department of Computer Engineering, Graduate School, Dongguk University)
Chang, Tae-Mu (Department of Computer Engineering, Dongguk University)
Abstract
RBAC (Role-Based Access Control) has advantages in managing access control because it offers role inheritance and separation of duty within role hierarchy structures. However, RBAC does not effectively handle the delegation of permissions, which occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model (APBDM) that guarantees the permanency of delegated permissions and does not violate the security principles of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give a permission to a specific person, the delegatee, and can withdraw that permission whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.
Keywords
RBAC (Role-Based Access Control); Role; Delegation; Permission