OS-DRAM: A Delegation Administration Model in a Decentralized Enterprise Environment

Byun, Changwoo; Park, Seog; Oh, Sejong

doi:10.1007/11775300_50

OS-DRAM: A Delegation Administration Model in a Decentralized Enterprise Environment

Changwoo Byun¹⁹,
Seog Park¹⁹ &
Sejong Oh²⁰

Conference paper

1196 Accesses
1 Citations

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4016))

Abstract

In this paper, we propose an effective delegation administration model using the organizational structure. From a user-level delegation point of view, previous delegation models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as the leakage of information and the abuse of delegation in a decentralized enterprise environment. Thus, we propose a new integrated management model of administration role-based access control model and delegation policy, which is called the OS-DRAM. This defines the authority range in an organizational structure that is separated from role hierarchy and supports a clear criterion for user-level delegation administration. Consequently, the OS-DRAM supports a decentralized user-level delegation policy in which a regular user can freely delegate his/her authority to other users within a security officer’s authority range with-out the security officer’s intervention.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Ferraio, D., Cugini, J., Kuhn, R.: Role-based Access Control (RBAC): Features and motivations. In: Proc. of 11th Annual Computer Security Application Conference, December 1995, pp. 241–248 (1995)
Google Scholar
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Method. IEEE Computer 29, 38–47 (1996)
Google Scholar
Sandhu, R., Ferraiolo, D., Kuhn, D.: The NIST model for role-based access control: towards a unified standard. In: Proc. of Fifth ACM Workshop on Role-Based Access Control, pp. 47–63
Google Scholar
Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for rolebased admini-stration of roles. ACM Trans. Inf. and Syst. Sec. 1(2), 105–135
Google Scholar
Gavrila, S.I., Barkley, J.F.: Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management. In: Proc. of the 3rd ACM workshop on Role-Based Access Control, pp. 81–90 (1998)
Google Scholar
Sandu, R., Munawer, Q.: The ARBAC99 Model for Administrative Roles. In: 15^th Annual Computer Security Applications Conference, December 1999, pp. 229–240 (1999)
Google Scholar
Oh, S., Sandhu, R.: ’A Model for Role Administration Using Organization Structure. In: Proc. of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002), June 2002, pp. 155–162 (2002)
Google Scholar
Cuppens, F., Balbiani, P., Benferhat, S., Deswarte, Y., Abou El Kalam, A., Elbaida, R., Mige, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: Proc. of IEEE 4th Inter-nationalWorkshop on Policies for Distributed Systems and Networks (POLICY 2003), June 2003, pp. 120–130 (2003)
Google Scholar
Cuppens, F., Mige, A.: Administration Model for Or-BAC. In: Meersman, R., Tari, Z. (eds.) OTM-WS 2003. LNCS, vol. 2889, pp. 754–768. Springer, Heidelberg (2003)
Chapter Google Scholar
Oh, S., Byun, C., Park, S.: An Organizational Structure-Based Administration Model for Decentralized Access Control. Journal of Information Science and Engineering (2005) (submitted)
Google Scholar
Barka, E., Sandhu, R.: “A Role-Based Delegation Model and Some Extensions. In: Proc. of 23rd National Information Systems Security Conference, NISSC (2000)
Google Scholar
Zhang, L., Ahn, G.-J., Chu, B.-T.: A Rule-Based Framework for Role-Based Delegation and Revocation. ACM Transactions on Information and System Security 6(3), 404–441 (2004)
Article Google Scholar
Zhang, X., Oh, S., Sandhu, R.: PBDM: A Flexible Delegation Model in RBAC. In: Proc. 8th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 149–157 (2003)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, Sogang University, Seoul, 121-742, South Korea
Changwoo Byun & Seog Park
Department of Computer Science, Dankook University, Cheonan, 330-714, South Korea
Sejong Oh

Authors

Changwoo Byun
View author publications
You can also search for this author in PubMed Google Scholar
Seog Park
View author publications
You can also search for this author in PubMed Google Scholar
Sejong Oh
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Chinese University of Hong Kong, Hong Kong, China
Jeffrey Xu Yu
Institute of Industrial Science, The University of Tokyo, 4-6-1 Komaba, Meguro-ku, 153-8505, Tokyo, Japan
Masaru Kitsuregawa
Department of Computing, Hong Kong Polytechnic University, Hong Kong
Hong Va Leong

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Byun, C., Park, S., Oh, S. (2006). OS-DRAM: A Delegation Administration Model in a Decentralized Enterprise Environment. In: Yu, J.X., Kitsuregawa, M., Leong, H.V. (eds) Advances in Web-Age Information Management. WAIM 2006. Lecture Notes in Computer Science, vol 4016. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11775300_50

Download citation

DOI: https://doi.org/10.1007/11775300_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35225-9
Online ISBN: 978-3-540-35226-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics