Reasoning about dynamic delegation in role based access control systems

Authors:
Chun Ruan;Vijay Varadharajan
Affiliations:
University of Western Sydney, NSW, Australia;University of Western Sydney, NSW, Australia and Macquarie University, NSW, Australia
Venue:
DASFAA'11 Proceedings of the 16th international conference on Database systems for advanced applications - Volume Part I
Year:
2011

Citing 9
Cited 1

Role-Based Access Control Models

Computer
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The role-based access control system of a European bank: a case study and discussion

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model for role administration using organization structure

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
PBDM: a flexible delegation model in RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
The ARBAC99 Model for Administration of Roles

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Detecting Conflicts in a Role-Based Delegation Model

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Security analysis in role-based access control

ACM Transactions on Information and System Security (TISSEC)
Towards Trustworthy Delegation in Role-Based Access Control Model

ISC '09 Proceedings of the 12th International Conference on Information Security

Evaluating role based authorization programs

ISMIS'12 Proceedings of the 20th international conference on Foundations of Intelligent Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.