Journal of Intelligent Information Systems

, Volume 39, Issue 3, pp 611–626 | Cite as

Multi-level delegations with trust management in access control systems



Delegation is a mechanism that allows one agent to act on another’s privilege. It is important that the privileges should be delegated to a person who is trustworthy. In this paper, we propose a multi-level delegation model with trust management in access control systems. We organize the delegation tasks into three levels, Low, Medium, and High, according to the sensitivity of the information contained in the delegation tasks. It motivates us that the more sensitive the delegated task is, the more trustworthy the delegatee should be. In order to assess how trustworthy a delegatee is, we devise trust evaluation techniques to describe a delegatee’s trust history and also predict the future trend of trust. In our proposed delegation model, a delegatee with a higher trust level could be assigned with a higher level delegation task. Extensive experiments show that our proposed multi-level delegation model is effective in accurately predicting trust and avoiding sensitive information disclosure.


Access control Database management Trust evaluation 


  1. Abadi, M., Burrows, M., Lampson, B., & Plotkin, G. (1991). A calculus for access control in distributed systems. Technical Report 70, Digital Systems Research Center.Google Scholar
  2. Atluri, V., & Warner, J. (2005). Supporting conditional delegation in secure workflow management systems. In SACMAT 2005: Proceedings of the tenth ACM symposium on access control models and technologies (pp. 49–58). New York: ACM Press.CrossRefGoogle Scholar
  3. Barka, E., & Sandhu, R. (2000). Framework for role-based delegation models. In ACSAC 2000: Proceedings of the 16th annual computer security applications conference, Washington, DC, USA (p. 168). Los Alamitos: IEEE Computer Society Press.Google Scholar
  4. Bonatti, P., & Samarati, P. (2002). A unified framework for regulating access and information release on the Web. Journal of Computer Security, 10(3), 241–271.Google Scholar
  5. Crampton, J., & Khambhammettu, H. (2006). Delegation in role-based access control. In Proceedings of 11th European symposium on research in computer security.Google Scholar
  6. Damiani, E., di Vimercati, S. D. C., Paraboschi, S., Samarati, P., & Violante, F. (2002). A reputation based approach for choosing reliable resources in peertopeer networks. In Proceedings of ACM CCS’02, Washington DC, USA (pp. 207–216).Google Scholar
  7. Griffiths, N. (2005). Task delegation using experience-based multi-dimensional trust. In The proceedings of the fourth international conference on autonomous agents and multiagent systems (AAMAS-05), Utrecht, The Netherlands (pp. 489–496).Google Scholar
  8. Hardjono, T., Chikaraishi, T., & Ohta, T. (1993). Secure delegation of tasks in distributed systems. In Proceedings of the 10th international symposium on the TRON project, Los Alamitos, California, USA.Google Scholar
  9. Joshi, J. B. D., & Bertino, E. (2006). Fine-grained role-based delegation in presence of the hybrid role hierarchy. In SACMAT 2006: Proceedings of the eleventh ACM symposium on access control models and technologies (pp. 81–90). New York: ACM Press.CrossRefGoogle Scholar
  10. Kamvar, S. D., Schlosser, M. T., & Garcia-Molina, H. (2003). The eigentrust algorithm for reputation management in P2P networks. In Proceedings of the 12th international WWW conference, Budapest, Hungary.Google Scholar
  11. Li, L., Wang, Y., & Varadharajan, V. (2009). Fuzzy regression based trust prediction in service-oriented applications. In The sixth international conference on autonomic and trusted computing (ATC-09), Brisbane, Australia, 7–9 July.Google Scholar
  12. Li, M., & Wang, H. (2008). ABDM: An extended flexible delegation model in RBAC. Accepted by the IEEE 8th international conference on computer and information technology (CIT’2008), 8–11 July 2008, Sydney, Australia.Google Scholar
  13. Li, M., Wang, H., & Ross, D. (2009). Trust-based access control for privacy protection in collaborative environment. To appear in the 2009 IEEE international conference on e-business engineering (ICEBE 2009), Macau, China.Google Scholar
  14. Marti, S., & Garcia-Molina, H. (2004). Limited reputation sharing in P2P systems. In Proceedings of ACM EC’04, New York, USA (pp. 91–101).Google Scholar
  15. Na, S., & Cheon, S. (2000). Role delegation in role-based access control. In RBAC 2000: Proceedings of the fifth ACM workshop on role-based access control (pp. 39–44). New York: ACM Press.CrossRefGoogle Scholar
  16. Nejdl, W., Olmedilla, D., & Winslett, M. (2004). PeerTrust: Automated trust negotiation for peers on the Semantic Web. In Proceedings of the workshop on secure data management in a connected world (SDM’04) in conjunction with 30th international conference on very large databases.Google Scholar
  17. Norman, T. J., & Reed, C. A. (2002) A model of delegation for multi agent systems. In M. d’Inverno, M. M. Luck, M. Fisher, & C. Preist (Eds.), Foundations and applications of multi agent systems, Lecture notes in artificial intelligence (Vol. 2403, pp. 185–204). New York: Springer.CrossRefGoogle Scholar
  18. Ramchurn, S. D., Sierra, C., Godo, L., & Jennings, N. R. (2003). A computational trust model for multi-agent interactions based on confidence and reputation. In Proc. of the 6th int. workshop of deception, fraud and trust in agent societies (pp. 69–75).Google Scholar
  19. Vapnyarskii, I. B. (2001). Lagrange multipliers. In M. Hazewinkel (Ed.), Encyclopaedia of mathematics. Norwell: Kluwer Academic. ISBN 978-1556080104.Google Scholar
  20. Wang, Y., & Varadharajan, V. (2004). Interaction trust evaluation in decentralized environments. In K. Bauknecht, M. Bichler, & B. Proll (Eds.), Proceedings of 5th international conference on electronic commerce and Web technologies (EC-Web’04), Zaragoza, Spain, LNCS (Vol. 3182, pp. 144–153). Berlin: Springer.Google Scholar
  21. Wainer, J., & Kumar, A. (2005). A fine-grained, controllable, user-to-user delegation method in RBAC. In SACMAT 2005: Proceedings of the tenth ACM symposium on access control models and technologies (pp. 59–66). New York: ACM Press.CrossRefGoogle Scholar
  22. Waner, S., & Costenoble, S. R. (2007). Applied calculus (4th ed.). Pacific Grove: Brooks/Cole.Google Scholar
  23. Winsborough, W., & Li, N. (2002). Towards practical automated trust negotiation. In Third international workshop on policies for distributed systems and networks (POLICY 2002), Monterey, CA.Google Scholar
  24. Xie, Z., & Chi, C. H. (2007). Quantifying trust through delegation in service oriented architecture. In IEEE SCW 2007 (pp. 308–315).Google Scholar
  25. Xiong, L., & Liu, L. (2004). PeerTrust: Supporting reputation-based trust for peer-to-peer electronic communities. IEEE Transations on Knowlege and Data Engineering, 16(7), 843–857.CrossRefGoogle Scholar
  26. Zacharia, G., & Maes, P. (2000). Trust management through reputation mechanisms. Applied Artificial Intelligence Journal, 9, 881–908.CrossRefGoogle Scholar
  27. Zhang, L., Ahn, G. J., & Chu, B. T. (2003a). A rule-based framework for role-based delegation and revocation. ACM Transactions on Information Systems and Security, 6(3), 404–441.CrossRefGoogle Scholar
  28. Zhang, X., Oh, S., & Sandhu, R. (2003b). Pbdm: A flexible delegation model in RBAC. In SACMAT 2003: Proceedings of the eighth ACM symposium on access control models and technologies (pp. 149–157). New York: ACM Press.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Department of Mathematics & ComputingUniversity of Southern QueenslandToowoombaAustralia
  2. 2.Australian Council for Educational ResearchMelbourneAustralia
  3. 3.School of Engineering and ScienceVictoria UniversityMelbourneAustralia

Personalised recommendations