Capability-based delegation model in RBAC

Authors:
Koji Hasebe;Mitsuhiro Mabuchi;Akira Matsushita
Affiliations:
University of Tsukuba, 1-1-1 Tennodai, Tsukuba, Japan;University of Tsukuba, 1-1-1 Tennodai, Tsukuba, Japan;Graduate School of Systems and Information Engineering, 1-1-1 Tennodai, Tsukuba, Japan
Venue:
Proceedings of the 15th ACM symposium on Access control models and technologies
Year:
2010

Citing 14
Cited 3

Role-Based Access Control Models

Computer
A rule-based framework for role based delegation

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A role-based delegation framework for healthcare information systems

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Capability-Based Computer Systems

Capability-Based Computer Systems
PBDM: a flexible delegation model in RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Role-Based Delegation Model/ Hierarchical Roles (RBDM1)

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Supporting conditional delegation in secure workflow management systems

Proceedings of the tenth ACM symposium on Access control models and technologies
A fine-grained, controllable, user-to-user delegation method in RBAC

Proceedings of the tenth ACM symposium on Access control models and technologies
Formal specification of role-based security policies for clinical information systems

Proceedings of the 2005 ACM symposium on Applied computing
A delegation framework for federated identity management

Proceedings of the 2005 workshop on Digital identity management
Homeviews: peer-to-peer middleware for personal data sharing applications

Proceedings of the 2007 ACM SIGMOD international conference on Management of data
Capability file names: separating authorisation from user management in an internet file system

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Formal Models of Capability-Based Protection Systems

IEEE Transactions on Computers
Delegation in role-based access control

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

xDAuth: a scalable and lightweight framework for cross domain access control and delegation

Proceedings of the 16th ACM symposium on Access control models and technologies
An auto-delegation mechanism for access control systems

STM'10 Proceedings of the 6th international conference on Security and trust management
OSDM: an organizational supervised delegation model for RBAC

ISC'12 Proceedings of the 15th international conference on Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

For flexible and dynamic resource management in environments where users collaborate to fulfill their common tasks, various attempts at modeling delegation of authority have been proposed using the role-based access control (RBAC) model. However, to achieve a higher level of collaboration in large-scale networked systems, it is worthwhile supporting cross-domain delegation with low administration cost. For that purpose, we propose a capability-role-based access control (CRBAC) model, by integrating a capability-based access control mechanism into the RBAC96 model. Central to this scheme is the mapping of capabilities to permissions as well as to roles in each domain, thereby realizing the delegation of permissions and roles by capability transfer. By taking this approach of capability-based access control, our model has the advantages of flexibility and reduced administration costs. We also demonstrate the effectiveness of our model by using examples of various types of delegation in clinical information systems.