Proposal of a Dynamic Access Control Model Based on Roles and Delegation for Intelligent Systems Using Realm

  • Jeanne Roux Ngo BilongEmail author
  • Cheikhane Seyed
  • Gervais Mendy
  • Samuel Ouya
  • Ibrahima Gaye
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 916)


Delegation is an element of administration that remains important in access control systems. Although widely used, delegation is very little taken into account in security policies because of its complexity. The models proposed so far are extensions of the RBAC model. Role-based access controls documentation does not reveals sufficient studies of delegation requirements for role and task. To address this problem, we propose a hybrid model called Role and delegation Based Dynamic Access Control (RDBDAC), which dynamically manage user role updates and task delegation, taking into account parameters such as the level of trust and temporal context. We show that our approach is flexible and sufficient to handle all delegation requirements. For a better expressivity of our model, we use non-monotonic logic T-JClassicδε which make it possible to specify non-monotonic authorizations and a better representation of the temporal aspects specific to a given delegation. For the model application, we used Realm, a role-based access controls management tool. However, it has some shortcomings for information system administrators in terms of dynamically updating roles assigned to different actors. To solve this problem, we interfaced a middleware between the Realm tool and the users, to facilitate the management of the update of the roles on a virtual university platform.


Access control Role Delegation Trust level Realm 


  1. 1.
    Zerkouk, M.: Modèles de contrôle d’accès dynamiques (Doctoral dissertation, University of Sciences and Technology in Oran) (2015)Google Scholar
  2. 2.
    El Kalam, A.A., et al.: Or-BAC: un modèle de contrôle d’accès basé sur les organisations. Cahiers francophones de la recherche en sécurité de l’information 1, 30–43 (2003)Google Scholar
  3. 3.
    Bettaz, O., Boustia, N., Mokhtari, A.: Dynamic delegation based on temporal context. Procedia Comput. Sci. 96, 245–254 (2016)CrossRefGoogle Scholar
  4. 4.
    Abakar, M.A.: Etude et mise en oeuvre d’une architecture pour l’authentification et la gestion de documents numériques certifiés: application dans le contexte des services en ligne pour le grand public (Doctoral dissertation, Saint Etienne) (2012)Google Scholar
  5. 5.
    Ennahbaoui, M.: Contributions aux contrôles d’accès dans la sécurité des systèmes d’information (2016)Google Scholar
  6. 6.
    Ghorbel-Talbi, M.B., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: Managing delegation in access control models. In: International Conference on Advanced Computing and Communications, 2007. ADCOM 2007, pp. 744–751. IEEE (2007)Google Scholar
  7. 7.
    Ray, I., Mulamba, D., Ray, I., Han, K.J.: A model for trust-based access control and delegation in mobile clouds. In: IFIP Annual Conference on Data and Applications Security and Privacy, pp. 242–257. Springer, Berlin, Heidelberg (2013)Google Scholar
  8. 8.
    Zhang, L., Ahn, G.J., Chu, B.T.: A rule-based framework for role-based delegation and revocation. ACM Trans. Inf. Syst. Secur. (TISSEC) 6(3), 404–441 (2003)CrossRefGoogle Scholar
  9. 9.
    Chakraborty, S., Ray, I.: TrustBAC: integrating trust relationships into the RBAC model for access control in open systems. In: Proceedings of the eleventh ACM symposium on Access control models and technologies, pp. 49–58. ACM (2006)Google Scholar
  10. 10.
    Miege, A.: Definition of a formal framework for specifying security policies. The Or-BAC model and extensions (Doctoral dissertation, Télécom ParisTech) (2005)Google Scholar
  11. 11.
    El Kalam, A.A., Deswarte, Y.: Security model for health care computing and communication systems. In: IFIP International Information Security Conference, pp. 277–288. Springer, Boston, MA (2003)Google Scholar
  12. 12.
    Artale, A., Franconi, E.: A survey of temporal extensions of description logics. Ann. Math. Artif. Intell. 30(1–4), 171–210 (2000)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of the 23rd National Information Systems Security Conference, Vol. 4, pp. 49–58 (2000)Google Scholar
  14. 14.
    Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 191–233 (2001)CrossRefGoogle Scholar
  15. 15.
    Wiggers, C., et al.: Professional Apache Tomcat. Wiley (2004)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Jeanne Roux Ngo Bilong
    • 1
    Email author
  • Cheikhane Seyed
    • 1
  • Gervais Mendy
    • 1
  • Samuel Ouya
    • 1
  • Ibrahima Gaye
    • 1
  1. 1.Cheikh Anta Diop UniversityDakarSenegal

Personalised recommendations