Revocation Schemes for Delegation Licences

  • Meriam Ben-Ghorbel-Talbi
  • Frédéric Cuppens
  • Nora Cuppens-Boulahia
  • Adel Bouhoula
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5308)


The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform revocation and how to manage the revocation policy. We show how to deal with these two aspects in the delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several delegation types, such as the delegation or transfer of permissions and roles, multi-step delegation and temporary delegation. We state formally in this paper how to manage the revocation of these delegation schemes. Our model supports a wide spectrum of revocation dimensions such as propagation, dominance, dependency, automatic/user revocation, transfer revocation and role/permission revocation.


Access Control Model Role Assignment Grant Option Delegation Model Revocation Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: Managing Delegation in Access Control Models. In: Proceedings of the 15th International Conference on Advanced Computing and Communications (ADCOM 2007), Guwahati, Inde, pp. 744–751. IEEE Computer Society Press, Los Alamitos (2007)CrossRefGoogle Scholar
  2. 2.
    Cuppens, F., Cuppens-Boulahia, N., Coma, C.: Multi-Granular Licences to Decentralize Security Administration. In: Proceedings of the First international workshop on reliability, availability and security (SSS/WRAS 2007), Paris, France (November 2007)Google Scholar
  3. 3.
    Barka, E., Sandhu, R.: A Role-based Delegation Model and Some Extensions. In: Proceedings of the 23rd National Information Systems Security Conference (NISSC 2000), Baltimore, MD (October 2000)Google Scholar
  4. 4.
    Hagström, Å, Jajodia, S., Parisi-Persicce, F., Wijesekera, D.: Revocation - a Classification. In: Proceedings of the 14th Computer Security Foundation Workshop (CSFW 2001), Cape Breton, Nova Scotia, Canada, IEEE Computer Society, Los Alamitos (2001)Google Scholar
  5. 5.
    Abou-El-Kalam, A., Benferhat, S., Miège, A., Baida, R.E., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization Based Access Control. In: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2003). IEEE Computer Society, Los Alamitos (2003)Google Scholar
  6. 6.
    Cuppens, F., Miège, A.: Administration Model for Or-BAC. International Journal of Computer Systems Science and Engineering (CSSE) 19(3) (May 2004)Google Scholar
  7. 7.
    Cuppens, F., Cuppens-Boulahia, N., Miège, A.: Inheritance Hierarchies in the Or-BAC Model and Application in a Network Environment. In: Proceedings of the 3rd Workshop on Foundations of Computer Security (FCS 2004), Turku, Finland (July 2004)Google Scholar
  8. 8.
    Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. International Journal of Information Security (November 2007)Google Scholar
  9. 9.
    Firozabadi, B.S., Sergot, M.: Revocation Schemes for Delegated Authorities. In: Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (2002)Google Scholar
  10. 10.
    Nguyen, T.A., Su, L., Inman, G., Chadwick, D.: Flexible and Manageable Delegation of Authority in RBAC. In: Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW 2007). IEEE Computer Society, Los Alamitos (2007)Google Scholar
  11. 11.
    Wainer, J., Kumar, A., Barthelmess, P.: DW-RBAC: A Formal Security Model of Delegation and Revocation in Workflow Systems. Information Systems 32(3), 365–384 (2007)CrossRefGoogle Scholar
  12. 12.
    Wei, Y., Shu, Q.: A Delegation-Based Workflow Access Control Model. In: Proceedings of the First International Symposium on Data, Privacy, and E-Commerce (ISDPE 2007). IEEE Computer Society, Los Alamitos (2007)Google Scholar
  13. 13.
    Barka, E., Sandhu, R.: Role-Based Delegation Model/ Hierarchical Roles (RBDM1). In: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), Tucson, Arizona (December 2004)Google Scholar
  14. 14.
    Lee, Y., Park, J., Lee, H., Noh, B.: A Rule-Based Delegation Model for Restricted Permission Inheritance RBAC. In: Proceedings of the 2nd International Conference (ACNS 2004), Yellow Mountain (June 2004)Google Scholar
  15. 15.
    Zhang, L., Ahn, G.-J., Chu, B.-T.: A Rule-Based Framework for Role-Based Delegation and Revocation. ACM Transactions on Information and System Security (TISSEC) 6, 404–441 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Meriam Ben-Ghorbel-Talbi
    • 1
    • 2
  • Frédéric Cuppens
    • 1
  • Nora Cuppens-Boulahia
    • 1
  • Adel Bouhoula
    • 2
  1. 1.Institut TELECOM/TELECOM BretagneCesson Sévigné CedexFrance
  2. 2.SUP’COM TunisArianaTunisie

Personalised recommendations