• Title/Summary/Keyword: Role Delegation

Search Result 49, Processing Time 0.025 seconds

Extended GTRBAC Delegation Model for Access Control Enforcement in Enterprise Environments (기업환경의 접근제어를 위한 확장된 GTRBAC 위임 모델)

  • Hwang Yu-Dong;Park Dong-Gue
    • Journal of Internet Computing and Services
    • /
    • v.7 no.1
    • /
    • pp.17-30
    • /
    • 2006
  • With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model. sub-role hierarchies concept and PBDM(Permission Based Delegation Model). The proposed model. called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) delegation Model. supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Also it supports conditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies and supports permission based delegation, user to user delegation, role to role delegation, multi-step delegation and temporal delegation by using PBDM.

  • PDF

User-Level Delegation in Role-Based Access Control Model (역할기반 접근제어에 기초한 사용자 수준의 위임 기법)

  • 심재훈
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.3
    • /
    • pp.49-62
    • /
    • 2000
  • Role-Based Access Control(RBAC) has recently received considerable attention as a alternative to traditional discretionary and mandatory access control to apply variant organizations function hierarchy of commercial or govemment. Also RBAC provides a delegation that is one of control principles in organization. In general delegation occurring in real organization is performed by an user giving permissions to another user. But, RBAC cannot implement these user-level delegation correctly. And delegation result in security problem such as destroying separation of duty policy information disclosure due to inappro-priate delegation. Besides security adminsitrator directly deals with that problem. In this thesis we suggests some methods that is created by the user.

A Time Constraints Permission Based Delegation Model in RBAC (RBAC을 기반으로 하는 시간제한 권한 위임 모델)

  • Kim, Tae-Shik;Chang, Tae-Mu
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.11
    • /
    • pp.163-171
    • /
    • 2010
  • RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. Delegation is a mechanism of assigning access rights to a user. RBDM0 and RDM2000 models deal with user-to-user delegation. The unit of delegation in them is a role. However, RBAC does not process delegation of Role or Permission effectively that occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model(TCPBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. TCPBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation with time constraints. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

An Advanced Permission-Based Delegation Model in RBAC (RBAC을 기반으로 하는 향상된 권한 위임 모델)

  • Kim, Tae-Shik;Chang, Tae-Mu
    • The KIPS Transactions:PartC
    • /
    • v.13C no.6 s.109
    • /
    • pp.725-732
    • /
    • 2006
  • RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. However, RBAC does not process delegation of permission effectively that occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model(APBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

APDM : Adding Attributes to Permission-Based Delegation Model

  • Kim, Si-Myeong;Han, Sang-Hoon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.2
    • /
    • pp.107-114
    • /
    • 2022
  • Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models are role delegation as the user to user delegation. However, In RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and security principle of least privilege. ABDM based on RBAC model, supports both the role to role and user to user delegation with an attribute. whenever the delegator wants the permission can be withdrawn, and A delegator can give permission to a delegatee.

A Study on The Delegation of Role in Role Based Access Control (역할 기반 접근 제어에서 역할 위임에 관한 연구)

  • Lee, Hee-Kyu;Lee, Jea-Kwang
    • The KIPS Transactions:PartC
    • /
    • v.10C no.3
    • /
    • pp.265-272
    • /
    • 2003
  • RBAC is an Access Control Mechanism for security administration of system resource and technique attracting in commercial fields because of reducing cost and complexity of security administration in large network. Many RBAC's research is progressive but several problems such as the delegation of role have been pointed out concerning the mechanism. It is necessary that a person's role delegate someone with reliability by reasons of a leave of absence, sick leave and the others. But the existing RBAC standards don't give definition of the delegation of roles. In this paper, we propose RBAC model that delegator can delegate subset of role and permission to a delegatee so that more efficient access control may be available.

Rule-Based Framework for user level delegation model in Role Based Access Control (역할기반 접근제어에서의 사용자 수준의 위임기법에 대한 Rule-Based Framework)

  • 박종화
    • The Journal of Information Technology
    • /
    • v.4 no.3
    • /
    • pp.139-154
    • /
    • 2001
  • In current role-based systems, security officers handle assignments of users to roles. This may increase management efforts in a distributed environment because of the continuous involvement from security officers. The technology of role-based delegation provides a means for implementing RBAC in a distributed environment with empowerment of individual users. The basic idea behind a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a rule-based framework for user-level delegation model in which a user can delegate role authority by creating new delegation roles. Also, a rule-based language for specifying and enforcing the policies is introduced.

  • PDF

An Integrated Management Model of Administrative Role-Based Access Control and Delegation Policy (ARBAC과 위임 정책의 통합 관리 모델)

  • Oh, Se-Jong;Kim, Woo-Sung
    • The KIPS Transactions:PartC
    • /
    • v.11C no.2
    • /
    • pp.177-182
    • /
    • 2004
  • Delegation is one of important security policies in the access control area. We propose a management model of delegation integrated with ARBAC model for environment of distributed access control. We Integrate PBDM delegation model with ARBAC97 model, and suggest integrity rules of delegation for preventing security threats in new model. Our model supports both free delegation for users without intervention of administrators, and controlling delegation for security administrators.

Extended GTRBAC Model for Access Control Enforcement in Ubiquitous Environments (유비쿼티스 환경의 접근제어를 위한 확장된 GTRBAC 모델)

  • Hwang Yu-Dong;Park Dong-Gue
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.3 s.35
    • /
    • pp.45-54
    • /
    • 2005
  • The existing access control models have the demerits that do not provide the limit function of using resources by time constraint, the restricted inheritance function as a superior role in role hierarchy, the delicate delegation policy and the limit function of using resources by the location information about a user for the access control in ubiquitous environment. This paper proposes an Extended-GTRBAC model is suited to the access control in ubiquitous environment by applying to sub-role concept of GTRBAC model that the application of resources can be restricted by the period and time and PBDM and considering the location information about a user on temporal constraint. The proposal model can restrict the inheritance of permission in role hierarchy by using sub-role, provide the delicate delegation policy such as user-to-user delegation, role to role delegation, multi-level delegation. multi-step delegation, and apply diverse and delicate access control policy which is suited the characteristic of ubiquitous environment by considering the location information about a user on temporal constraint.

  • PDF

Role-Based Delegation Model Using Available Time (가용 시간을 이용한 역할 기반 위임 모델)

  • Kim, Kyoung-Ja;Chang, Tae-Mu
    • The KIPS Transactions:PartC
    • /
    • v.14C no.1 s.111
    • /
    • pp.65-72
    • /
    • 2007
  • The existing RBAC models are not sufficient for managing delegations or separation of roles. Researches have been done on RBDM(Role Based Delegation Model) that deal with delegating role or permission to other users. In this paper, we divide the delegated roles into two groups: periodic and temporary delegation roles. When a role is delegated, a time period is assigned together, which is used to revoke the permission of delegated role automatically. In our model, the role of monotonic delegation by an original user can be revoked at any time in case of malicious use by the delegated user. The contribution of our model is that the malicious use of delegated role can be prohibited and security vulnerability in the role hierarchy due to role delegations can be alleviated. The proposed model, T RBDM(Time out Based RBDM) is analyzed and compared with the conventional models, such as RBDM0, RBDM1 and PBDM. Our model shows an advantage over other models in terms of security robustness.