Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
IEEE Transactions on Software Engineering
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Database security
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
ACM Transactions on Database Systems (TODS)
A Linear Time Algorithm for Deciding Subject Security
Journal of the ACM (JACM)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Discrete Mathematics and Its Applications
Discrete Mathematics and Its Applications
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
A Model of Methods Access Authorization in Object-oriented Databases
VLDB '93 Proceedings of the 19th International Conference on Very Large Data Bases
Resolving Conflicts in Authorization Delegations
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
PBDM: a flexible delegation model in RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Framework for role-based delegation models
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
A Logical Framework for Reasoning on Data Access Control Policies
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Detecting Conflicts in a Role-Based Delegation Model
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Authorization in Distributed Systems: A Formal Approach
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Administrative scope in the graph-based framework
Proceedings of the ninth ACM symposium on Access control models and technologies
Hi-index | 0.00 |
The problem of resolving conflicts in delegated authorizations has not been systematically addressed by researchers. In (Ruan and Varadharajan in Proceedings of the 7th Australasian Conference on Information Security and Privacy, pp. 271---285, 2002) we proposed a graph based framework that supports authorization delegation and conflict resolution. In this paper, we have extended the model to allow grantors of delegations to express degrees of certainties about their delegations and grants of authorizations. This expression of certainty gives the subjects (e.g. users) more flexibility to control their delegations of access rights. We propose a new conflict resolution policy based on weighted lengths of authorization paths. This policy provides a greater degree of flexibility in that it enables to specify and analyse the effect of predecessor-successor relationship as well as the weights of authorizations on the conflicts. We present a detailed algorithm to evaluate authorization delegations and conflict resolutions. The correctness proof and time complexity of the algorithm are also provided. Since in a dynamic environment, the authorization state is not static, we have considered how authorization state changes occur and have developed an algorithm to analyse authorization state transformations and given correctness proofs. Finally, we discuss how to achieve a global decision policy from local authorization policies in a distributed environment. Three integration models based on the degrees of node autonomy are proposed, and different strategies of integrating the local policies into the global policies in each model are systematically discussed.