A Weighted Graph Approach to Authorization Delegation and Conflict Resolution

  • Chun Ruan
  • Vijay Varadharajan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3108)


Conflict resolution in authorization delegation has not been explored extensively by researchers. In [5] we proposed a graph-based framework supporting authorization delegation and conflict resolution, together with a predecessor-take-precedence conflict resolution method that gives higher priority to predecessors along the delegation paths in order to achieve well-controlled delegation. In this paper, we extend the model to allow grantors to express degrees of certainty about their delegations and grants of authorizations. This expression of certainty gives subjects more flexibility in controlling the delegation of their access rights. A new conflict resolution policy based on weighted lengths of authorization paths is proposed. This policy deals with conflicts more flexibly, in that it takes into account not only the predecessor-successor relationship but also the weights of authorizations. Cyclic authorizations are allowed in order to further enhance expressive flexibility, and the undesired situations they cause can be avoided through the proposed conflict resolution method. The intuitive graph interpretation provides a formal basis for the underlying semantics of our model.


Keywords: Short Path; Active Path; Authorization State; Access Control Policy; Access Control Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




References

  1. Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison-Wesley Publishing Company, Reading (1995)
  2. Essmayr, W., Kastner, F., Preishuber, S., et al.: Access controls for federated database environments - taxonomy of design choices. In: Joint IFIP TC 6 & 11 Working Conference on Communications and Multimedia Security, Chapman & Hall, Graz, Austria, September 1995, pp. 117–132 (1995)
  3. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proc. of ACM SIGMOD Conference on Management of Data, pp. 474–485 (1997)
  4. Lunt, T.F., Denning, D.E., Scheel, R.R., Heckman, M., Shockley, W.R.: The SeaView security model. IEEE Trans. on Software Engineering 16(6), 593–607 (1990)
  5. Ruan, C., Varadharajan, V.: Resolving conflicts in authorization delegations. In: Proceedings of the 7th Australasian Conference on Information Security and Privacy, pp. 271–285 (2002)
  6. Sandhu, R., Samarati, P.: Access control: Principles and practice. IEEE Communications 32(9), 40–48 (1994)
  7. Satyanarayanan, M.: Integrating security in a large distributed system. ACM-TOCS 7(3), 247–280 (1989)

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Chun Ruan (1)
  • Vijay Varadharajan (1, 2)

  1. School of Computing and Information Technology, University of Western Sydney, Penrith South DC, Australia
  2. Department of Computing, Macquarie University, North Ryde, Australia
