An authorization framework based on constrained delegation

Authors:
Gang Yin;Meng Teng;Huai-min Wang;Yan Jia;Dian-xi Shi
Affiliations:
Institute of Network Technology & Information Security, Department of Computer Science, National University of Defense Technology, China;Institute of Network Technology & Information Security, Department of Computer Science, National University of Defense Technology, China;Institute of Network Technology & Information Security, Department of Computer Science, National University of Defense Technology, China;Institute of Network Technology & Information Security, Department of Computer Science, National University of Defense Technology, China;Institute of Network Technology & Information Security, Department of Computer Science, National University of Defense Technology, China
Venue:
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
Year:
2004

Citing 12
Cited 3

The well-founded semantics for general logic programs

Journal of the ACM (JACM)
Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
EROS: a fast capability system

Proceedings of the seventeenth ACM symposium on Operating systems principles
HYDRA: the kernel of a multiprocessor operating system

Communications of the ACM
The role of trust management in distributed systems security

Secure Internet programming
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
Using Authority Certificates to Create Management Structures

Revised Papers from the 9th International Workshop on Security Protocols
Framework for role-based delegation models

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Constrained Delegation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Grid Computing: Making the Global Infrastructure a Reality

Grid Computing: Making the Global Infrastructure a Reality

Delegation in the role graph model

Proceedings of the eleventh ACM symposium on Access control models and technologies
Commitment issues in delegation process

AISC '08 Proceedings of the sixth Australasian conference on Information security - Volume 81
Towards more controllable and practical delegation

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

Quantified Score

Hi-index	0.04

Visualization

Abstract

In this paper, we distinguish between authorization problems at management level and request level in open decentralized systems, using delegation for flexible and scalable authorization management. The delegation models in existing approaches are limited within one level or only provide basic delegation schemes, and have no effective control over the propagation scope of delegated privileges. We propose REAL, a Role-based Extensible Authorization Language framework for open decentralized systems. REAL covers delegation models at both two levels and provides more flexible and scalable authorization and delegation policies while capable of restricting the propagation scope of delegations. We formally define the semantics of credentials in REAL by presenting a translation algorithm from credentials to Datalog rules (with negation-as-failure). This translation also shows that the semantics can be computed in polynomial time.