An Extended Role-Based Access Control Model for Delegating Obligations

Authors:
Meriam Ben-Ghorbel-Talbi;Frédéric Cuppens;Nora Cuppens-Boulahia;Adel Bouhoula
Affiliations:
Institut TELECOM/Telecom Bretagne, Cesson Sévigné Cedex, France 35576 and SUP'COM Tunis, Ariana, Tunisie 2083;Institut TELECOM/Telecom Bretagne, Cesson Sévigné Cedex, France 35576;Institut TELECOM/Telecom Bretagne, Cesson Sévigné Cedex, France 35576;SUP'COM Tunis, Ariana, Tunisie 2083
Venue:
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Year:
2009

Citing 11
Cited 3

Author Obliged to Submit Paper before 4 July: Policies in an Enterprise Specification

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Delegation of Obligations

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Obligation Monitoring in Policy Management

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Nomad: A Security Model with Non Atomic Actions and Deadlines

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Obligation Policies: An Enforcement Platform

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Distributed usage control

Communications of the ACM - Privacy and security in highly dynamic systems
Modeling conversation policies using permissions and obligations

Autonomous Agents and Multi-Agent Systems
High Level Conflict Management Strategies in Advanced Access Control Models

Electronic Notes in Theoretical Computer Science (ENTCS)
Modeling contextual security policies

International Journal of Information Security
Revocation Schemes for Delegation Licences

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security

Negotiating and delegating obligations

Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Formal enforcement and management of obligation policies

Data & Knowledge Engineering
Formal specification and management of security policies with collective group obligations

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the administration and delegation of obligations. Managing such delegations implies more requirements than managing traditional privileges delegation. In fact, delegating obligations may include two interpretations: the delegation of the obligation and the delegation of the responsibility related to this obligation. Therefore, it is important to deal with these two notions separately. Moreover, since delegating an obligation involves the delegation of sanctions, then the consent of the user who receives this delegation may be required in some cases. We address in this paper these requirements and we propose a formalism to deal with them.