Abstract
In this paper, we propose an effective delegation administration model using the organizational structure. From a user-level delegation point of view, previous delegation models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as the leakage of information and the abuse of delegation in a decentralized enterprise environment. Thus, we propose a new model, called OS-DRAM, that integrates the administrative role-based access control model with delegation policy. OS-DRAM defines the authority range in an organizational structure that is separate from the role hierarchy and provides a clear criterion for user-level delegation administration. Consequently, OS-DRAM supports a decentralized user-level delegation policy in which a regular user can freely delegate his/her authority to other users within a security officer’s authority range without the security officer’s intervention.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Byun, C., Park, S., Oh, S. (2006). OS-DRAM: A Delegation Administration Model in a Decentralized Enterprise Environment. In: Yu, J.X., Kitsuregawa, M., Leong, H.V. (eds) Advances in Web-Age Information Management. WAIM 2006. Lecture Notes in Computer Science, vol 4016. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11775300_50
DOI: https://doi.org/10.1007/11775300_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35225-9
Online ISBN: 978-3-540-35226-6
eBook Packages: Computer Science, Computer Science (R0)