Resolving Conflicts in Authorization Delegations

Authors:
Chun Ruan;Vijay Varadharajan
Affiliations:
-;-
Venue:
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Year:
2002

Citing 7
Cited 7

Integrating security in a large distributed system

ACM Transactions on Computer Systems (TOCS)
A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
On an authorization mechanism

ACM Transactions on Database Systems (TODS)
Protection in operating systems

Communications of the ACM
A Model of Methods Access Authorization in Object-oriented Databases

VLDB '93 Proceedings of the 19th International Conference on Very Large Data Bases
A Logical Framework for Reasoning on Data Access Control Policies

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Supporting Multiple Access Control Policies in Database Systems

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy

A fine-grained, controllable, user-to-user delegation method in RBAC

Proceedings of the tenth ACM symposium on Access control models and technologies
A method for access authorisation through delegation networks

ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
DW-RBAC: A formal security model of delegation and revocation in workflow systems

Information Systems
A graph theoretic approach to authorization delegation and conflict resolution in decentralised systems

Distributed and Parallel Databases
Data protection in distributed database systems

ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
A representation model of trust relationships with delegation extensions

iTrust'05 Proceedings of the Third international conference on Trust Management
Graphical representation of authorization policies for weighted credentials

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Quantified Score

Hi-index	0.01

Visualization

Abstract

In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorization model to deal with the conflict resolution problem with delegation. In our model, conflicts are classified into comparable and incomparable ones. With comparable conflicts, the conflicts come from the grantors that have grant connectivity relationship with each other, and the predecessor's authorizations will always take precedence over the successor's. In this way, the access rights can be delegated but the delegation can still be controlled. With incomparable conflicts, the conflicts come from the grantors that do not have grant connectivity relationship with each other. Multiple resolution policies are provided so that users can select the specific one that best suits their requirements. In addition, the overridden authorizations are still preserved in the system and they can be reactivated when other related authorizations are revoked or the policy for resolving conflicts is changed. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labelled digraphs, which provides a formal basis for proving the semantic correctness of our model.