DOI: 10.1007/11610113_28
Article

Role-Based delegation with negative authorization

Published: 16 January 2006
    Abstract

    The role-based delegation model (RBDM), based on role-based access control (RBAC), has proven to be a flexible and useful access control model for information sharing in distributed collaborative environments. Authorization is an important function of RBDM in a distributed environment, where a conflict may arise when one user grants a permission of a role to a delegated user and another user grants the negative permission to the same delegated user.
    This paper aims to analyse role-based group delegation features that have not been studied before, and to provide an approach to the conflict problem by adopting negative authorization. We first present the granting and revocation delegation models, and then discuss user delegation authorization and the impact of negative authorization on role hierarchies.

          Published In

          APWeb'06: Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
          January 2006
          1217 pages
          ISBN: 3540311424
          Editors: Xiaofang Zhou, Jianzhong Li, Heng Tao Shen, Masaru Kitsuregawa, Yanchun Zhang

          Publisher

          Springer-Verlag

          Berlin, Heidelberg
