Abstract
The dynamic nature of operations in organizations has led to an interest in delegating roles and permissions to enable seamless business continuity. Delegation involves assigning a given set of access rights from one user to another. In existing role delegation models, delegation is often authorized and controlled by a relation that specifies who can delegate to whom. Using such relations in delegation models has some disadvantages, such as complexity of maintenance, error-proneness, inconsistencies and an inability to define some organizational policies related to delegation. In this paper, we propose a new delegation model that depends on organizational lines of authority to authorize and control delegation. The main advantages of this approach are that it simplifies the management of delegation authorization and complies with organizational behavior. Furthermore, it eliminates inconsistencies related to changes to roles and permissions.
Keywords
- Access Control
- RBAC
- Delegation
- Revocation
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nassr, N., Aboudagga, N., Steegmans, E. (2012). OSDM: An Organizational Supervised Delegation Model for RBAC. In: Gollmann, D., Freiling, F.C. (eds) Information Security. ISC 2012. Lecture Notes in Computer Science, vol 7483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33383-5_20
DOI: https://doi.org/10.1007/978-3-642-33383-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33382-8
Online ISBN: 978-3-642-33383-5
eBook Packages: Computer Science (R0)
