DOI: 10.5555/1082161.1082169

Authorization algorithms for the mobility of user-role relationship

Published: 01 January 2005

    Abstract

    The mobility of the user-role relationship is a new feature relative to its counterparts in user-role assignments. When an administrative role assigns a role to a user with a mobile membership, the user can use the permissions of the role and is eligible to be assigned further roles by administrators. Immobile membership grants the user the authority to use the permissions, but does not make the user eligible for further role assignment. Two types of problems may arise in user-role assignment with the mobility of the user-role relationship. One is related to the authorization granting process: when a role is granted to a user, the role may conflict with other roles of the user, or, together with this role, the user may have or derive a high level of authority. The other is related to authorization revocation: when a role is revoked from a user, the user may still have the role from other roles. In this paper, we discuss granting and revocation models related to mobile and immobile memberships between users and roles, then provide proposed authorization granting, weak revocation and strong revocation algorithms that are based on relational algebra and operations. We also describe how to use the new algorithms with an anonymity scalable payment scheme. Finally, comparisons with other related work are made.

    Published In

    ACSC '05: Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
    January 2005
    365 pages
    ISBN: 1920682201

    Publisher

    Australian Computer Society, Inc.

    Australia

    Author Tags

    1. RBAC
    2. authorization
    3. mobility
    4. user-role relationship

    Qualifiers

    • Article

    Conference

    ACSC '05
    ACSC '05: Computer Science
    01 01 2005
    Newcastle, Australia

    Acceptance Rates

    Overall Acceptance Rate 136 of 379 submissions, 36%

    Cited By

    • (2008) Protecting Information Sharing in Distributed Collaborative Environment. Revised Selected Papers of the APWeb 2008 International Workshops on Advanced Web and Network Technologies, and Applications - Volume 4977, pp. 192-200. DOI: 10.5555/2964958.2964980. Online publication date: 26-Apr-2008
    • (2007) Secure and efficient information sharing in multi-university E-Learning environments. Proceedings of the 6th international conference on Advances in web based learning, pp. 542-553. DOI: 10.5555/2170285.2170343. Online publication date: 15-Aug-2007
    • (2006) A framework for role-based group delegation in distributed environments. Proceedings of the 29th Australasian Computer Science Conference - Volume 48, pp. 321-328. DOI: 10.5555/1151699.1151735. Online publication date: 1-Jan-2006
    • (2006) Role-Based delegation with negative authorization. Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development, pp. 307-318. DOI: 10.1007/11610113_28. Online publication date: 16-Jan-2006
