
Role-Based Delegation with Negative Authorization

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNISA, volume 3841)

Abstract

The role-based delegation model (RBDM), based on role-based access control (RBAC), has proven to be a flexible and useful access control model for information sharing in distributed collaborative environments. Authorization is an important functionality for RBDM in a distributed environment, where a conflict may arise when one user grants permission of a role to a delegated user and another user grants the negative permission to the delegated user.

This paper aims to analyse role-based group delegation features that have not been studied before, and to provide an approach to the conflict problem by adopting negative authorization. We first present granting and revocation delegation models, and then discuss user delegation authorization and the impact of negative authorization on role hierarchies.

Keywords

  • Access Control
  • Access Control Model
  • Role Base Access Control
  • Original User
  • Role Hierarchy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Chapter length: 12 pages


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, H., Cao, J., Ross, D. (2006). Role-Based Delegation with Negative Authorization. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds) Frontiers of WWW Research and Development - APWeb 2006. APWeb 2006. Lecture Notes in Computer Science, vol 3841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11610113_28


  • DOI: https://doi.org/10.1007/11610113_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31142-3

  • Online ISBN: 978-3-540-32437-9

  • eBook Packages: Computer Science (R0)