Proceedings Article, DOI: 10.1145/775412.775431
PBDM: a flexible delegation model in RBAC
Xinwen Zhang, Sejong Oh, Ravi Sandhu
- 02 Jun 2003
- pp 149-157
236
TL;DR: This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well known RBAC96 model, and supports both role and permission level delegation, which provides great flexibility in authority management.
Abstract: Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 models are recently published models for role-based delegation. They deal with user-to-user delegation. The unit of delegation in them is a role. But in many cases users may want to delegate a piece of permission from a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well-known RBAC96 model. PBDM supports user-to-user and role-to-role delegations with features of multi-step delegation and multi-option revocation. It also supports both role and permission level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specifies the permissions that a user (delegator) has authority to delegate to others (delegatee), then the delegator creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives us clear separation of security administration and delegation.
Citations
Secure policy execution using reusable garbled circuit in the cloud
Masoom Alam, Naina Emmanuel, Tanveer Khan, Abid Khan, Nadeem Javaid, Kim-Kwang Raymond Choo, Rajkumar Buyya
TL;DR: This paper presents a Privacy Aware Cross Tenant Access Control protocol for cross domain cloud users, based on reusable garbled circuit, and proposes the concept of a privacy aware Cloud Policy Decision Point (CPDP) that can be offered by cloud service providers.
9
Active Privilege Management for Distributed Access Control Systems
David Michael Eyers
- 01 Jan 2006
TL;DR: The Event-based Distributed Scalable Authorisation Control architecture for the 21st century (EDSAC21, or just EDSAC) is presented along with its four design layers and is intended to have widespread applicability as the basis for designing next-generation security middleware and implementing distributed, dynamic privilege management.
Multi-level delegations with trust management in access control systems
TL;DR: This paper proposes a multi-level delegation model with trust management in access control systems and devises trust evaluation techniques to describe a delegatee’s trust history and also predict the future trend of trust.
RBAC for Supply Chain Process Monitoring
Bernardo Nugroho Yahya, Minjung Kwon, Hyerim Bae
- 21 Nov 2007
TL;DR: A privilege-template based RBAC model is proposed that can resolve problems related to effective access control for supply chain processes, which are assumed to be managed by the BPM system.
9
The Austrian Identity Ecosystem – An e-Government Experience
Klaus Stranacher, Arne Tauber, Thomas Zefferer, Bernd Zwattendorfer
- 01 Jan 2013
TL;DR: This chapter introduces the Austrian identity ecosystem that represents one of the main pillars of the Austrian e-government infrastructure and shows how architectures and protocols for secure information technology are employed to assure the security of user identification and authentication processes.
9
References
Role-based access control models
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
6.1K
The ARBAC97 model for role-based administration of roles
TL;DR: The motivation, intuition, and formal definition of a new role-based model for RBAC administration is described for the first time. This model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), PRA97 (permission-role assignment '97), and RRA97, dealing with different aspects of RBAC administration.
Framework for role-based delegation models
Ezedin Barka, Ravi Sandhu
- 11 Dec 2000
TL;DR: This work develops a framework for identifying interesting cases that can be used for building role-based delegation models by identifying the characteristics related to delegation, using these characteristics to generate possible delegation cases, and using a systematic approach to reduce the large number of cases into few useful cases.
A Role-Based Delegation Model and Some Extensions
Ezedin Barka, Ravi Sandhu
- 01 Jan 2000
TL;DR: This paper proposes a simple but practically useful model for delegation called RBDM0 (role-based delegation model zero), and explores some extensions to RBDM0 including issues of revocation, partial delegation, multiple step delegation, and delegation with hierarchical roles.
189
A rule-based framework for role based delegation
Longhua Zhang, Gail-Joon Ahn, Bei-Tseng Chu
- 01 May 2001
TL;DR: A role-based delegation model called RDM2000 (role-based delegation model 2000) is presented, which is an extension of RBDM0 by supporting hierarchical roles and multi-step delegation, and a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.