Abstract
Delegation in computer systems plays an important role in relieving security officer’s management efforts, especially in a large-scale, highly decentralized environment. By distributing management authorities to a number of delegatees, scalable and manageable security management functionality can be achieved. Recently, a number of researches are proposed to incorporate delegation concept into Role-Based Access Control(RBAC) model, which is becoming a promising model for enterprise environment with various organization structures. In this paper, we propose a new role-based delegation model using sub-role hierarchies supporting restricted inheritance functionality, in which security administrator can easily control permission inheritance behavior using sub-roles. Also, we describe how role-based user-to-user, role-to-role delegations are accomplished in the proposed model and analyze our delegation model against various delegation characteristics.
This work was supported by University IT Research Center Project and partially by Wonkwang University in 2002
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sandhu, R.S.: Rational for the RBAC 1996 Family of Access Control Models. In: Proceedings of 1st ACM Workshop on Role-Based Access control, Â Article No. 9. ACM, New York (1996)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control model. IEEE Computer 29, 38–47 (1996)
Barka, E., Sandhu, R.S.: A Role-based Delegation Model and Some Extensions. In: Proceedings of 16th Annual Computer Security Application Conference, Sheraton New Orleans, December 11–15 (2000)
Barka, E., Sandhu, R.S.: Framework for Role-Based Delegation Models. In: Proceedings of 23rd National Information Systems Security Conference, Baltimore, October 16–19, pp. 101–114 (2000)
Sandhu, R.S., Bhamidipati, V., Munawe, Q.: The ARBAC97 model for rolebased administration of roles. ACM Transactions on Information and System Security 2(1), 105–135 (1999)
Gladny, H.M.: Access Control for Large Collections. ACM Transactions on Information Systems 15(2), 154–194 (1997)
Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems 15(4), 706–734 (1993)
Gasser, M., McDermott, E.: An Architecture for practical Delegation in a Distributed System. In: IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 7–9 (1990)
Varadharajan, V., Allen, P., Black, S.: An Analysis of the Proxy Problem in Distributed systems. In: IEEE Symposium on Research in Security and Privacy, Oakland, CA (1991)
Zhang, L., Ahn, G.-J., Chu, B.-T.: A rule-based framework for role based delegation. In: ACM Workshop on Role Based Access Control, Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia, United States, May 3-4, pp. 153–162 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, H., Lee, Y., Noh, B. (2003). A New Role-Based Delegation Model Using Sub-role Hierarchies. In: Yazıcı, A., Şener, C. (eds) Computer and Information Sciences - ISCIS 2003. ISCIS 2003. Lecture Notes in Computer Science, vol 2869. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39737-3_101
Download citation
DOI: https://doi.org/10.1007/978-3-540-39737-3_101
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20409-1
Online ISBN: 978-3-540-39737-3
eBook Packages: Springer Book Archive