On the Security of Delegation in Access Control Systems
Delegation is a mechanism that allows a user A to act on another user B’s behalf by making B’s access rights available to A. It is well recognized as an important mechanism to provide resiliency and flexibility in access control systems, and has gained popularity in the research community. However, most existing literature focuses on modeling and managing delegations. Little work has been done on understanding the impact of delegation on the security of existing access control systems. In particular, no formal notion of security with respect to delegation has been proposed. Many existing access control systems are designed without delegation in mind. Simply incorporating a delegation module into those systems may cause security breaches.
This paper focuses on the security aspect of delegation in access control systems. We first give examples of how colluding users may abuse the delegation support of access control systems to circumvent security policies, such as separation of duty. As a major contribution, we propose a formal notion of security with respect to delegation in access control systems. After that, we discuss potential mechanisms to enforce security. In particular, we design a novel source-based enforcement mechanism for workflow authorization systems so as to achieve both security and efficiency.
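The following is an added illustration, not code or a definition from the paper. It models a constructed three-task workflow with one separation-of-duty constraint and checks whether a delegation lets a set of colluding users complete a workflow they could not complete on their own before. The task names, user names and the `delegation_adds_power` check are assumptions made for this example.

```python
from itertools import product

# Constructed workflow: three tasks and one separation-of-duty constraint.
TASKS = ["prepare", "approve", "pay"]
DIFFERENT = [("prepare", "approve")]   # these two tasks need distinct executors
AUTH = {                               # base authorizations, before any delegation
    "alice": {"prepare", "approve"},
    "bob": {"pay"},
    "carol": {"approve"},
}

def can_complete(users, auth):
    """True if `users` alone can run every task without violating DIFFERENT."""
    for plan in product(sorted(users), repeat=len(TASKS)):
        who = dict(zip(TASKS, plan))
        authorized = all(task in auth[user] for task, user in who.items())
        separated = all(who[a] != who[b] for a, b in DIFFERENT)
        if authorized and separated:
            return True
    return False

def delegate(auth, frm, to, task):
    """Return a copy of `auth` in which `frm` has granted `to` the right to `task`."""
    if task not in auth[frm]:
        raise ValueError(f"{frm} holds no right to {task} and cannot delegate it")
    updated = {user: set(tasks) for user, tasks in auth.items()}
    updated[to].add(task)
    return updated

def delegation_adds_power(colluders, before, after):
    """Flag a delegation that lets `colluders` finish a workflow they could not
    finish under the base authorizations (hypothetical check for this example)."""
    return can_complete(colluders, after) and not can_complete(colluders, before)

if __name__ == "__main__":
    after = delegate(AUTH, "alice", "bob", "approve")
    # Each task still has a distinct, authorized executor, so a per-step
    # constraint check passes, yet Alice's authority now covers both steps.
    print(delegation_adds_power({"alice", "bob"}, AUTH, after))
```

A monitor that only compares the identities of the executing users accepts the run after delegation; tracking whose authority each execution draws on is what exposes it.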