OSDM: An Organizational Supervised Delegation Model for RBAC

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 7483)

Abstract

The dynamic nature of operations in organizations has led to an interest in role and permission delegation to enable seamless continuity of business. Delegation involves assigning a given set of access rights from one user to another. In existing role delegation models, delegation is often authorized and controlled by a relation that specifies who can delegate to whom. The use of such relations in delegation models has some disadvantages, such as complexity of maintenance, error proneness, inconsistencies, and the inability to define some organizational policies related to delegation. In this paper, we propose a new delegation model that depends on organizational lines of authority to authorize and control delegation. The main advantages of this approach are that it simplifies the management of delegation authorization and complies with organizational behavior. Furthermore, it eliminates inconsistencies related to changes to roles and permissions.

Keywords

  • Access Control
  • RBAC
  • Delegation
  • Revocation

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nassr, N., Aboudagga, N., Steegmans, E. (2012). OSDM: An Organizational Supervised Delegation Model for RBAC. In: Gollmann, D., Freiling, F.C. (eds) Information Security. ISC 2012. Lecture Notes in Computer Science, vol 7483. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33383-5_20

  • DOI: https://doi.org/10.1007/978-3-642-33383-5_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33382-8

  • Online ISBN: 978-3-642-33383-5

  • eBook Packages: Computer Science, Computer Science (R0)