Proceedings Article, DOI: 10.1145/775412.775431
PBDM: a flexible delegation model in RBAC
Xinwen Zhang,Sejong Oh,Ravi Sandhu +2 more
- 02 Jun 2003
- pp 149-157
236
TL;DR: This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well known RBAC96 model, and supports both role and permission level delegation, which provides great flexibility in authority management.
Abstract: Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 models are recently published models for role-based delegation. They deal with user-to-user delegation. The unit of delegation in them is a role. But in many cases users may want to delegate a piece of permission from a role. This paper proposes a flexible delegation model named Permission-based Delegation Model (PBDM), which is built on the well-known RBAC96 model. PBDM supports user-to-user and role-to-role delegations with features of multi-step delegation and multi-option revocation. It also supports both role and permission level delegation, which provides great flexibility in authority management. In PBDM, a security administrator specifies the permissions that a user (delegator) has authority to delegate to others (delegatee), then the delegator creates one or more temporary delegation roles and assigns delegatees to particular roles. This gives us clear separation of security administration and delegation.
Citations
A fault recovery scheme for p2p metacomputers
Keith J. Power,John P. Morrison +1 more
- 18 Dec 2005
TL;DR: A method of recovering from faults which exploits the distributed hash table functionality provided by modern overlay networks is presented and its effectiveness is evaluated experimentally using a proof of concept P2P distributed computer.
5
A Discretionary Delegation Framework for Access Control Systems
M. Fahim Ferdous Khan,Ken Sakamura +1 more
- 24 Oct 2016
TL;DR: A discretionary framework for delegation of access rights from a delegator to a delegatee by implementing a delegation-token and various stages of its life cycle in tamper-resistant devices including smartcards is presented.
5
•Proceedings Article
Evaluating A Uml-Based Modeling Framework For Process-Related Security Properties: A Qualitative Multi-Method Study
Sigrid Schefer-Wenzl,Stefan Sobernig,Mark Strembeck +2 more
- 01 Jan 2013
TL;DR: A long-term empirical study to evaluate the applicability of four UML extensions included in the BusinessActivities Framework found that modelers are predominantly affected by the upfront effort of establishing a conceptual background on process-related security concepts and by the semantic complexity of control-flow modeling in UML activity diagrams.
5
•Dissertation
Access control administration with adjustable decentralization
Amir H. Chinaei
- 01 Jan 2007
TL;DR: A conflict-free and decentralized access control administration model in which all users are able to retain complete control over their own data while they are also able to delegate any subset of their privileges to other users or user groups is introduced.
5
Smatch: Formal dynamic session management model for RBAC
Frédéric Cuppens,Nora Cuppens-Boulahia,Meriam Ben Ghorbel-Talbi,Stephane Morucci,Nada Essaouni +4 more
- 01 Jul 2013
TL;DR: The Smatch (Secure MAnagement of swiTCH) model in which authorized users can join, leave, reopen and reuse dynamic sessions is defined, a model based on the situation calculus which extends first order logic with actions.
4
References
Role-based access control models
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
6.1K
The ARBAC97 model for role-based administration of roles
TL;DR: The motivation, intuition, and formal definition of a new role-based model for RBAC administration is described for the first time. This model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), PRA97 (permission-role assignments '97), and RRA97, dealing with different aspects of RBAC administration.
Framework for role-based delegation models
Ezedin Barka,Ravi Sandhu +1 more
- 11 Dec 2000
TL;DR: This work develops a framework for identifying interesting cases that can be used for building role-based delegation models by identifying the characteristics related to delegation, using these characteristics to generate possible delegation cases, and using a systematic approach to reduce the large number of cases into few useful cases.
A Role-Based Delegation Model and Some Extensions
Ezedin Barka,Ravi Sandhu +1 more
- 01 Jan 2000
TL;DR: This paper proposes a simple but practically useful model for delegation called RBDM0 (role-based delegation model zero), and explores some extensions to RBDM0 including issues of revocation, partial delegation, multiple step delegation, and delegation with hierarchical roles.
189
A rule-based framework for role based delegation
Longhua Zhang,Gail-Joon Ahn,Bei-Tseng Chu +2 more
- 01 May 2001
TL;DR: A role-based delegation model called RDM2000 (role-based delegation model 2000) is presented, which is an extension of RBDM0 by supporting hierarchical roles and multi-step delegation, and a rule-based language for specifying and enforcing the policies based on RDM2000 is introduced.