A Review of Delegation and Break-Glass Models for Flexible Access Control Management

  • Sigrid Schefer-Wenzl
  • Helena Bukvova
  • Mark Strembeck
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 183)

Abstract

Access control models provide important means for the systematic specification and management of the permissions in a business information system. While there are many well-known access control models (e.g., RBAC), standard access control models are often not suited for handling exceptional situations. The demand to increase the flexibility of access management has been approached mainly via the development of delegation models and break-glass models. This paper presents the results of a literature review of 329 delegation and break-glass approaches. We give an overview of the existing body of scientific literature in these two areas and compare 35 selected approaches in detail. We reveal different ways of providing delegation and break-glass concepts in general as well as in the context of business process management. Moreover, we identify different sub-topics that have not yet been addressed in detail and thus provide opportunities for future research.

Keywords

Access control, Break-glass, Business processes, Delegation

1 Introduction

Process-aware business information systems can be configured via process models that define all expected execution paths for each business process (see, e.g., [39]). In this context, corresponding access control models specify which subjects are authorized to perform the tasks that are included in the business processes (see, e.g., [40]). While this approach is well suited for process instances that conform to one of the expected (and therefore pre-defined) execution scenarios, it causes problems when dealing with exceptional situations, e.g., when no authorized subject is available to execute a particular task in case of emergency (see, e.g., [42]). This is because traditional access control policies, such as role-based access control (RBAC) (see, e.g., [27]), often cannot be configured to adequately address exceptional and unpredictable situations.

Delegation and break-glass policies provide two well-established mechanisms that help to increase the flexibility of access control mechanisms, while at the same time maintaining a certain security level. Delegation policies enable subjects to transfer their tasks, duties, or roles to another subject (see, e.g., [12, 32]). Subsequently, a subject receiving a delegation (the delegatee) will act on behalf of the delegating subject (the delegator). Break-glass policies (see, e.g., [15, 24, 30]) have been introduced to flexibly handle emergency situations by breaking or overriding the standard access permissions in a controlled manner. A break-glass policy allows a subject to perform an action under certain conditions even though he/she was not previously authorized to do so. Due to an increasing interest in flexible access management, a variety of different approaches has been published, offering different features for different application domains. However, the increasing number of such approaches also makes it difficult for organizations to select an approach that fits their needs as well as for researchers to keep an overview of existing literature.

The contribution of this paper is threefold. First, we provide a state-of-the art overview of approaches for delegation and break-glass policies. We present a survey of 329 publications in this research area (see Sect. 2), providing insight into the development of this field and showing its emerging importance. Second, we compare different approaches for delegation and break-glass policies, distinguishing between approaches that are concerned with delegation and break-glass in general and approaches concerned explicitly with the context of business processes and workflows (see Sects. 3 and 4). Third, by comparing approaches from selected key articles in detail, we provide a foundation for the informed selection of suitable delegation and break-glass models as well as for evaluating future research in this area (see Sect. 5).

2 Development of the Research Area

In order to identify relevant delegation and break-glass models, we have carried out a systematic literature review (see, e.g., [23, 43]). We have searched seven databases and digital libraries that index scientific articles in information systems and computer science: ACM Digital Library, IEEE Digital Library, Springer Link, AIS Electronic Library, CiteSeerX Scientific Literature Digital Library, and DBLP. The databases were searched for articles containing in their full-text at least one of our selected search terms (picked based on our previous knowledge of the research area as well as on screening searches): “break-glass”, “break-the-glass”, and “delegation” to find articles focusing on delegation or break glass; “access control”, “emergency”, “flexibility”, “workflow”, and “business process” to find articles addressing approaches for flexible access control in business-process environments and/or for emergency scenarios. The search results were combined and double-entries eliminated. The full-text of the articles was then checked in order to ascertain that the articles fulfill the inclusion criterion: presentation or active discussion of a model for delegation or break-glass procedures. Publications that did not present original research in this area were removed, leaving a sample of 329 publications dealing with delegation (268 articles) and break-glass (61 articles) models. The sample contained a broad selection of articles, originating from different research areas (e.g., health care, access control, workflow management), as well as strong interdependencies (cross-references) among the articles. Hence, we refrained from a further backward reference search, as it would increase the complexity, while at the same time bringing hardly any new approaches into the sample (see [22]).

Fig. 1. Development of the delegation research topic

The 329 scientific contributions in the sample reflect the current knowledge base on the two research topics. After reviewing these approaches, we have decided to further categorize the sample (besides distinguishing delegation and break-glass) into publications explicitly considering the business process context and publications that discuss break-glass or delegation in general. Figures 1 and 2 visualize the structure of the sample with regard to the yearly publication output. The first comprehensive delegation models were published in the late 90s (see Fig. 1). These publications then mainly focussed on certificate- and attribute-based delegation models. The number of publications per year increased constantly with the popularity of role-based access control. Delegation models considering a business process/workflow context were first published in 2001 (see Fig. 1). Again, the number of published models increased every year with a significant peak in 2009, remaining rather constant since then. In comparison, a considerably lower number of break-glass models has been published. The term “break-glass” model first appears in 2006. However, different earlier publications used other terms for similar models (see Fig. 2). The number of publications constantly increased since 2006, with little peaks in 2010 and 2013. In many years only one or two articles were published considering break-glass models in a business process context. Overall, the increasing total number of published delegation and break-glass models over the past few years demonstrates the increasing interest in these topics.

Fig. 2. Development of the break-glass research topic

To provide a better overview of the existing approaches, we have further focused our study by selecting a sub-sample of 35 articles that explicitly aim to evolve approaches for systematic delegation or break-glass procedures. In the following sections, we present an analysis of these approaches by describing for each approach (1) the policy type supported (i.e., delegation or break-glass), (2) the context where the approach can be applied, (3) its main features, (4) the types of entailment constraints supported (focusing on the most prominent examples of entailment constraints, namely separation of duty (SOD) and binding of duty (BOD) constraints), and (5) which kind of modeling support is provided.

3 Comparison of Delegation Approaches

Figures 3 and 4 summarize the results of our comparison of approaches which are concerned with delegation models for roles, permissions, tasks, and duties in an access control or business process context.

In recent years, there has been much work on various aspects of role-based and permission-based delegation. Barka and Sandhu [4, 5] present RBDM, a framework for characterizing role-based delegation models. RBDM distinguishes, for instance, between permanent or temporary, partial or total, and single- or multi-step delegation. RDM2000 [44] is an extension of RBDM supporting role-based and multi-step delegation. Furthermore, it proposes a rule-based declarative language to specify and enforce policies, considers SOD constraints, and provides corresponding tool support.

Fig. 3. Comparison of delegation models

In [45], a permission-based delegation model (PBDM) is presented which allows for the delegation of roles and permissions, using delegation roles. Support for entailment constraints is limited to static separation of duty constraints. In [37], an extension to PBDM is presented to integrate entailment constraints in permission-based delegation. Shang and Wang [37] focus on static SOD constraints and shortly address related conflicts. Moreover, they analyze role-based constraints and do not consider task-based constraints. An approach similar to [45] is presented in [21], where a capability-based delegation model (CRBAC) based on RBAC96 (see [27]) is introduced to support cross-domain delegation of roles and permissions in terms of capability transfer. An approach for the model-based specification of role-based delegation and revocation policies via UML is introduced in [38]. They use standard UML class and object diagrams for graphically visualizing delegation policies.

In addition to roles and permissions, duties or obligations may also be subject to delegation. Obligations define actions which must be performed in order to meet legal or internal regulations. The delegation of obligations has received little attention in literature so far, although it is an important phenomenon [10]. In [32], the delegation of obligations is addressed, mainly motivating the reasons for delegating obligations and stressing the need for balancing authorizations and obligations. Another basic delegation model for obligations has been introduced in [19, 20], considering different kinds of duty-level and role-level delegations, also taking contextual information into account. However, these approaches do not consider the delegation of duties in a business process context or with respect to entailment constraints, corresponding modeling/tool support, or the detection and resolution of related conflicts.

Fig. 4. Comparison of delegation models in a business process context

Delegation in a business-process or workflow context has received increased attention in recent years (see Sect. 2 and Fig. 4). In [3], the notion of delegation is extended to allow for conditional delegation. Different types of constraints, such as SOD, are addressed in the context of delegation and three types of conflicts and a runtime allocation algorithm are presented. A formal model for role-based and task-based delegation in workflows using the notions of case and organizational unit is described in [41], though it does not discuss the detection and resolution of conflicts. Similar approaches without related modeling support and only limited support for conflict detection are also presented in [11, 12]. The effects of some delegation operations on three workflow execution models are described in [12].

Only few contributions exist which consider entailment constraints and related conflicts in the context of delegation. Gaaloul et al. [16, 17, 18] present a formal approach for integrating task delegation into the RBAC model which also considers SOD and BOD constraints. The approach presented in [16, 17, 18] does not consider the delegation of duties and does not provide a corresponding modeling extension. Crampton and Khambhammettu [11] address the satisfiability problem of workflows in the context of constrained delegation and provide an algorithm that determines whether to permit a delegation request. In [33, 36], an approach to model the delegation of roles, tasks, and duties in UML Activity diagrams is introduced. In addition, algorithms are introduced to systematically check for conflicts. The approach considers SOD and BOD and provides resolution strategies to resolve each conflict type.
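
The kind of check discussed above, where a task delegation is evaluated against SOD and BOD constraints and the remaining workflow must stay completable, can be sketched as follows. This is an added illustration, not the algorithm of [11] or of any other cited approach; the purchase-order workflow, the subject names and the brute-force satisfiability search are assumptions made for the example.

```python
from itertools import product

# Constructed sample workflow: a purchase-order process (all names are assumptions).
TASKS = ["create_order", "approve_order", "pay_invoice"]
AUTHORIZED = {                       # task -> subjects authorized via their roles
    "create_order": {"alice", "bob"},
    "approve_order": {"carol"},
    "pay_invoice": {"alice", "dave"},
}
SOD = {("create_order", "approve_order")}   # must be executed by different subjects
BOD = {("create_order", "pay_invoice")}     # must be executed by the same subject


def violates(assignment, sod=SOD, bod=BOD):
    """Return the first violated constraint in a (partial) task->subject map, or None."""
    for a, b in sod:
        if a in assignment and b in assignment and assignment[a] == assignment[b]:
            return ("SOD", a, b)
    for a, b in bod:
        if a in assignment and b in assignment and assignment[a] != assignment[b]:
            return ("BOD", a, b)
    return None


def satisfiable(history, authorized):
    """Brute force: can the open tasks still be assigned without violating SOD/BOD?"""
    open_tasks = [t for t in TASKS if t not in history]
    pools = [sorted(authorized[t]) for t in open_tasks]
    for combo in product(*pools):
        candidate = dict(history, **dict(zip(open_tasks, combo)))
        if violates(candidate) is None:
            return True
    return False


def permit_delegation(delegator, delegatee, task, history, authorized=AUTHORIZED):
    """Decide a request to delegate `task` to `delegatee` within one process instance.

    `history` maps already executed tasks to the subject that executed them.
    """
    if task in history:
        return False, "task already executed"
    if delegator not in authorized[task]:
        return False, "delegator holds no permission for task"
    # The delegatee would execute the task on the delegator's behalf.
    after = dict(history, **{task: delegatee})
    conflict = violates(after)
    if conflict:
        return False, "%s conflict between %s and %s" % conflict
    # A locally harmless delegation can still leave no valid assignment for open tasks.
    if not satisfiable(after, authorized):
        return False, "workflow instance would become unsatisfiable"
    return True, "permitted"
```

Delegating `approve_order` from carol to alice in a fresh instance violates no constraint directly, yet it is refused: alice can then no longer create the order, and bob cannot satisfy the BOD constraint with `pay_invoice`.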

4 Comparison of Break-Glass Approaches

Figures 5 and 6 show an overview of selected break-glass approaches in an access control or business process context.

Fig. 5. Comparison of break-glass models

Several approaches integrate break-glass policies into access control models. For example, the optimistic security principle [26] aims to handle exceptional cases assuming that any access is legitimate and is thus granted. Monitoring and recording functions are provided to guarantee traceability. These functions are implemented using the Clark-Wilson model (see [9]). A similar approach is presented by Ardagna et al. [2], who introduce a break-glass approach based on the definition of emergency policies. If no policy is available, a break-glass override can be granted if the system is in an emergency state and a supervisor can be notified about the override. In both approaches, the enforcement of security policies is retrospective, relying on administrators to detect unreasonable accesses. These approaches cause a significant burden for administrators.

The break-the-glass RBAC (BTG-RBAC) model [14] specifies for each permission-to-role assignment if a break-glass override is allowed. Moreover, obligations can be associated with permissions to define mandatory actions that must be performed in case of a break-glass override. In [6], a break-glass extension for SecureUML is introduced. The resulting SecureUML break-glass policies can then be transformed into XACML. Furthermore, the model allows for the definition of SOD constraints. Another approach for discretionary overriding of access control in XACML policies is introduced in [1]. In particular, a break-glass policy is specified as an XACML override-obligation, which logs the activity, prompts the user for confirmation, and notifies a (pre-defined) authority. This approach offers subject-specific break-glass policies, but does not consider entailment constraints. In [30, 31], a certificate-based approach based on the Privilege Calculus Framework is used to implement a break-glass mechanism. The Secure information sharing break-glass model introduced in [7, 8] uses the Core Event Specification Language for visualising logical definitions and sequences. In comparison to other approaches, emergency policies are only valid temporarily and cannot be triggered by a user but only by the system. Moreover, contextual information is taken into account in access control decisions.
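
A minimal decision point that combines the ideas described above: a break-glass flag on each permission-to-role assignment, and mandatory obligations (logging, notifying an authority) that must succeed before an override is granted. This is an added illustration, not the BTG-RBAC or XACML implementation from [14] or [1]; the sample policy, the decision strings and the rule that a failed obligation leads to a denial are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Assignment:
    """One permission-to-role assignment; btg=True means reachable only by override."""
    role: str
    permission: str
    btg: bool = False
    obligations: tuple = ()          # mandatory actions for a break-glass override


# Constructed sample policy (roles, permissions and subjects are assumptions).
ASSIGNMENTS = [
    Assignment("physician", "read_record"),
    Assignment("nurse", "read_record", btg=True,
               obligations=("log", "notify_supervisor")),
    Assignment("nurse", "read_vitals"),
]
USER_ROLES = {"dr_kim": {"physician"}, "nurse_lee": {"nurse"}, "clerk_roy": {"clerk"}}


class BreakGlassPDP:
    def __init__(self, assignments, user_roles, supervisor_reachable=True):
        self.assignments = assignments
        self.user_roles = user_roles
        self.supervisor_reachable = supervisor_reachable
        self.audit_log = []          # override attempts, kept for retrospective review
        self.notifications = []      # messages delivered to the supervising authority

    def _run_obligation(self, name, subject, permission, reason):
        if name == "log":
            # The attempt is recorded even if a later obligation fails.
            self.audit_log.append({"event": "override_attempt", "subject": subject,
                                   "permission": permission, "reason": reason})
            return True
        if name == "notify_supervisor":
            if not self.supervisor_reachable:
                return False
            self.notifications.append((subject, permission))
            return True
        return False                 # unknown obligation: fail closed

    def decide(self, subject, permission, break_glass=False, reason=""):
        roles = self.user_roles.get(subject, set())
        matching = [a for a in self.assignments
                    if a.role in roles and a.permission == permission]
        if any(not a.btg for a in matching):
            return "permit"                  # regular RBAC permission
        if not matching:
            return "deny"                    # no assignment, so no override either
        if not break_glass:
            return "deny_btg_available"      # subject may confirm and retry
        for assignment in matching:
            for name in assignment.obligations:
                if not self._run_obligation(name, subject, permission, reason):
                    return "deny"            # assumption: unmet obligation blocks override
        return "permit_override"
```

With `supervisor_reachable=False` the override attempt is still written to `audit_log`, but the request is denied because the notification obligation cannot be fulfilled.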

Fig. 6. Comparison of break-glass models in a business process context

Only few contributions exist to integrate the concept of break-glass policies into a business process context, although such an integration can be very useful [25]. Wainer et al. [40] present an RBAC model for workflow systems (W-RBAC). They extend this model via exception handling functionalities that allow for the controlled overriding of entailment constraints in case of emergency. Furthermore, roles hold override privileges according to their level of responsibility. Subject-specific break-glass policies are not supported in the W-RBAC model, and corresponding modeling support is not provided.

Several other approaches exist that deal with process adaptations and process evolutions in order to flexibly handle different types of exceptions in process-aware information systems. For example, [28] provides a formal model to support dynamic structural changes of process instances. A set of change operations is defined that can be applied by users in order to modify a process instance execution path, while maintaining its structural correctness and consistency. In [42], change patterns and change support features are identified and several process management systems are evaluated regarding their ability to support process changes. Exception handling via structural adaptations of process models is also considered in [29]. In particular, several correctness criteria and their application to specific process meta models are discussed. All these approaches have in common that processes must be changed in order to handle exceptional situations. A different approach is presented in [34, 35], where the main goal is to maintain the designed process flow, while ensuring that only authorized subjects are allowed to participate in a workflow. Moreover, [34, 35] also offer modeling and tool support for business processes and related break-glass policies.

5 Conclusion

In this paper, we presented a comparison of different delegation and break-glass models that provide means to systematically increase the flexibility of access control models. Based on a systematic literature review, we performed an in-depth review and a detailed discussion of 35 key articles in these areas. The corresponding comparison includes the essential characteristics of the different approaches and can provide decision support for practitioners and researchers when selecting one of these approaches.

Our work shows that the demand for increasing the flexibility of access control (in general as well as in a business process context) remains a lively and important research topic. So far, break-glass models have been researched to a lesser extent than delegation models. However, break-glass approaches do attract attention especially in domains with high demands for a seamless, uninterrupted system operation, such as hospitals. There are also approaches that aim to combine delegation and break-glass mechanisms, e.g., by allowing automatic delegation in case of emergency [13].

Furthermore, access control in a business process context has received less attention in the scientific literature. This may be due to an increased complexity that results from the combination of process flows with corresponding access control policies and access control constraints (such as entailment constraints). However, given the importance of the process-oriented approaches, additional research in this area would be of high relevance.

We also found that in many approaches formal metamodels are a key research artefact to integrate delegation and break-glass concepts with access control models. In contrast, visual modelling support (e.g., via respective UML extensions) or corresponding tools were rarely presented. This can make some of the approaches difficult to use and implement in practice. The limited research with regard to delegation and break-glass in business processes as well as the lack of modeling support and tool support are relevant directions for further research.

References

  1. Alqatawna, J., Rissanen, E., Sadighi, B.: Overriding of access control in XACML. In: Proceedings of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (2007)
  2. Ardagna, C.A., di Vimercati, S.D.C., Foresti, S., Grandison, T.W., Jajodia, S., Samarati, P.: Access control for smarter healthcare using policy spaces. Comput. Secur. 29(8), 848–858 (2010)
  3. Atluri, V., Warner, J.: Supporting conditional delegation in secure workflow management systems. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT) (2005)
  4. Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of the 23rd National Information Systems Security Conference (2000)
  5. Barka, E., Sandhu, R.: Framework for role-based delegation models. In: Proceedings of the 16th Annual Computer Security Applications Conference (2000)
  6. Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT) (2009)
  7. Carminati, B., Ferrari, E., Guglielmi, M.: Secure information sharing on support of emergency management. In: Proceedings of the International Conference on Privacy, Security, Risk and Trust (2011)
  8. Carminati, B., Ferrari, E., Guglielmi, M.: SHARE: Secure information sHaring frAmework for emeRgency managemEnt. In: Proceedings of the 29th International Conference on Data Engineering (ICDE) (2013)
  9. Clark, D.D., Wilson, D.R.: A comparison of commercial and military security policies. In: IEEE Symposium on Security and Privacy (1987)
  10. Cole, J., Derrick, J., Milosevic, Z., Raymond, K.: Author obliged to submit paper before 4 July: policies in an enterprise specification. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 1–17. Springer, Heidelberg (2001)
  11. Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT) (2008)
  12. Crampton, J., Khambhammettu, H.: On delegation and workflow execution models. In: Proceedings of the 2008 ACM Symposium on Applied Computing (SAC) (2008)
  13. Crampton, J., Morisset, C.: An auto-delegation mechanism for access control systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 1–16. Springer, Heidelberg (2011)
  14. Ferreira, A., Chadwick, D., Farinha, P., Correia, R., Zao, G., Chilro, R., Antunes, L.: How to securely break into RBAC: the BTG-RBAC model. In: Proceedings of the 2009 Annual Computer Security Applications Conference (2009)
  15. Ferreira, A., Cruz-Correia, R., Antunes, L., Farinha, P., Oliveira-Palhares, E., Chadwick, D.W., Costa-Pereira, A.: How to break access control in a controlled manner. In: Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems (2006)
  16. Gaaloul, K., Charoy, F.: Task delegation based access control models for workflow systems. In: Canals, G., Godart, C., Gronau, N., Sharma, S. (eds.) I3E 2009. IFIP AICT, vol. 305, pp. 400–414. Springer, Heidelberg (2009)
  17. Gaaloul, K., Proper, E., Charoy, F.: An extended RBAC model for task delegation in workflow systems. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 51–63. Springer, Heidelberg (2012)
  18. Gaaloul, K., Zahoor, E., Charoy, F., Godart, C.: Dynamic authorisation policies for event-based task delegation. In: Pernici, B. (ed.) CAiSE 2010. LNCS, vol. 6051, pp. 135–149. Springer, Heidelberg (2010)
  19. Ghorbel-Talbi, M.B., Cuppens, F., Cuppens-Boulahia, N.: Negotiating and delegating obligations. In: Proceedings of the International Conference on Management of Emergent Digital EcoSystems (MEDES) (2010)
  20. Ben Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Le Métayer, D., Piolle, G.: Delegation of obligations and responsibility. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 197–209. Springer, Heidelberg (2011)
  21. Hasebe, K., Mabuchi, M., Matsushita, A.: Capability-based delegation model in RBAC. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies (SACMAT) (2010)
  22. Jalali, S., Wohlin, C.: Systematic literature studies: database searches vs. backward snowballing. In: Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM ’12, pp. 29–38. ACM, New York (2012)
  23. Kitchenham, B., Brereton, O.P., Budgen, D., Turner, M., Bailey, J., Linkman, S.: Systematic literature reviews in software engineering - a systematic literature review. Inf. Softw. Technol. 51(1), 7–15 (2009)
  24. Marinovic, S., Craven, R., Ma, J., Dulay, N.: Rumpole: a flexible break-glass access control model. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (2011)
  25. Nurcan, S.: A survey on the flexibility requirements related to business processes and modeling artifacts. In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences (2008)
  26. Povey, D.: Optimistic security: a new access control paradigm. In: Proceedings of the 1999 Workshop on New Security Paradigms (2000)
  27. Ravi Sandhu, H.F., Coyne, E., Youman, C.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)
  28. Reichert, M., Dadam, P.: Adept_flex - Supporting dynamic changes of workflows without losing control. J. Intell. Inf. Syst. 10(2), 93–129 (1998)
  29. Reichert, M., Rinderle-Ma, S., Dadam, P.: Flexibility in process-aware information systems. In: Jensen, K., van der Aalst, W.M.P. (eds.) ToPNoC II. LNCS, vol. 5460, pp. 115–135. Springer, Heidelberg (2009)
  30. Rissanen, E.: Towards a mechanism for discretionary overriding of access control (transcript of discussion). In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2004. LNCS, vol. 3957, pp. 320–323. Springer, Heidelberg (2006)
  31. Rissanen, E., Firozabadi, B.S., Sergot, M.: Discretionary overriding of access control in the privilege calculus. In: Dimitrakos, T., Martinelli, F. (eds.) FAST 2005. IFIP, vol. 173, pp. 219–232. Springer, Heidelberg (2005)
  32. Schaad, A., Moffett, J.D.: Delegation of obligations. In: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (2002)
  33. Schefer, S., Strembeck, M.: Modeling support for delegating roles, tasks, and duties in a process-related RBAC context. In: Salinesi, C., Pastor, O. (eds.) CAiSE Workshops 2011. LNBIP, vol. 83, pp. 660–667. Springer, Heidelberg (2011)
  34. Schefer-Wenzl, S., Strembeck, M.: A UML extension for modeling break-glass policies. In: Proceedings of the 5th International Workshop on Enterprise Modelling and Information Systems Architectures (EMISA) (2012)
  35. Schefer-Wenzl, S., Strembeck, M.: Generic support for RBAC break-glass policies in process-aware information systems. In: Proceedings of the 28th ACM Symposium on Applied Computing (SAC) (2013)
  36. Schefer-Wenzl, S., Strembeck, M., Baumgrass, A.: An approach for consistent delegation in process-aware information systems. In: Abramowicz, W., Kriksciuniene, D., Sakalauskas, V. (eds.) BIS 2012. LNBIP, vol. 117, pp. 60–71. Springer, Heidelberg (2012)
  37. Shang, Q., Wang, X.: Constraints for permission-based delegations. In: Proceedings of the 8th IEEE International Conference on Computer and Information Technology Workshops (2008)
  38. Sohr, K., Kuhlmann, M., Gogolla, M., Hu, H., Ahn, G.-J.: Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL. Inf. Softw. Technol. 54(12), 1396–1417 (2012)
  39. van der Aalst, W.M.P., Rosemann, M., Dumas, M.: Deadline-based escalation in process-aware information systems. Decis. Support Syst. 43, 492–511 (2007)
  40. Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC - a workflow security model incorporating controlled overriding of constraints. Int. J. Coop. Inf. Syst. (IJCIS) 12(4), 455–485 (2003)
  41. Wainer, J., Kumar, A., Barthelmess, P.: DW-RBAC: a formal security model of delegation and revocation in workflow systems. Inf. Syst. 32(3), 365–384 (2007)
  42. Weber, B., Rinderle, S., Reichert, M.: Change patterns and change support features in process-aware information systems. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007. LNCS, vol. 4495, pp. 574–588. Springer, Heidelberg (2007)
  43. Zhang, H., Babar, M.A.: Systematic reviews in software engineering: an empirical investigation. Inf. Softw. Technol. 55(7), 1341–1354 (2013)
  44. Zhang, L., Ahn, G.-J., Chu, B.-T.: A rule-based framework for role-based delegation and revocation. ACM Trans. Inf. Syst. Secur. 6, 404–441 (2003)
  45. Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (2003)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Sigrid Schefer-Wenzl (1, 2)
  • Helena Bukvova (2)
  • Mark Strembeck (2)

  1. Competence Center for IT-Security, University of Applied Sciences Campus Vienna, Vienna, Austria
  2. Institute for Information Systems, New Media Lab, WU Vienna, Vienna, Austria
