Skip to main content
SpringerLink
Log in

An Auto-delegation Mechanism for Access Control Systems

  • Conference paper
Security and Trust Management (STM 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6710))

Included in the following conference series:

Abstract

Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably and unpredictably over time require delegation mechanisms that can respond automatically to the absence of appropriately authorized users. To address this, we propose an auto-delegation mechanism and explore the way in which such a mechanism can be used to provide (i) controlled overriding of policy-based authorization decisions (ii) a novel type of access control mechanism based on subject-object relationships.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ardagna, C.A., De Capitani di Vimercati, S., Grandison, T., Jajodia, S., Samarati, P.: Regulating exceptions in healthcare using policy spaces. In: Atluri, V. (ed.) DAS 2008. LNCS, vol. 5094, pp. 254–267. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  2. Blaze, M.: A cryptographic file system for UNIX. In: 1st ACM Conference on Computer and Communications Security, pp. 9–16 (1993)

    Google Scholar 

  3. Brewer, D.F.C., Nash, M.J.: The Chinese Wall Security Policy. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 329–339 (May 1989)

    Google Scholar 

  4. Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: SACMAT 2009: Proceedings of the 14th ACM symposium on Access control models and technologies, pp. 197–206. ACM, New York (2009)

    Google Scholar 

  5. Brucker, A.D., Petritsch, H., Schaad, A.: Delegation assistance. In: IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 84–91 (2009)

    Google Scholar 

  6. Chander, A., Mitchell, J.C., Dean, D.: A state-transition model of trust management and access control. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop, pp. 27–43. IEEE Computer Society Press, Los Alamitos (2001)

    Google Scholar 

  7. Crampton, J.: Applying hierarchical and role-based access control to XML documents. In: Proceedings of 2004 ACM Workshop on Secure Web Services, pp. 41–50 (2004)

    Google Scholar 

  8. Crampton, J.: A reference monitor for workflow systems with constrained task execution. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, pp. 38–47 (2005)

    Google Scholar 

  9. Crampton, J., Martin, K.M., Wild, P.: On key assignment for hierarchical access control. In: Proceedings of 19th Computer Security Foundations Workshop, pp. 98–111 (2006)

    Google Scholar 

  10. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM Transactions on Database Systems 35(2) (2010)

    Google Scholar 

  11. Denning, D.E.: A Lattice Model of Secure Information Flow. Communications of the ACM 19(5), 236–243 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  12. Ferraiolo, D.F., Kuhn, D.R.: Role-based access control. In: Proceedings of the 15th National Computer Security Conference, pp. 554–563 (1992)

    Google Scholar 

  13. Giuri, L., Iglio, P.: Role templates for content-based access control. In: Proceedings of Second ACM Workshop on Role-Based Access Control, pp. 153–159 (1997)

    Google Scholar 

  14. Habib, L., Jaume, M., Morisset, C.: Formal definition and comparison of access control models. Journal of Information Assurance and Security 4, 372–381 (2009)

    Google Scholar 

  15. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Communications of the ACM 19(8), 461–471 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  16. Hasebe, K., Mabuchi, M., Matsushita, A.: Capability-based delegation model in RBAC. In: SACMAT 2010: Proceeding of the 15th ACM Symposium on Access Control Models and Technologies, pp. 109–118. ACM, New York (2010)

    Google Scholar 

  17. Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C., Trouessin, G.: Organization based access control. In: Proceedings of Policies for Distributed Systems and Networks, Como, Italy, pp. 120–131 (June 2003)

    Google Scholar 

  18. Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage. In: Proceedings of the FAST 2003 Conference on File and Storage Technologies, pp. 29–42 (2003)

    Google Scholar 

  19. Lampson, B.: Protection. In: Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems, pp. 437–443. Princeton University, Princeton (1971)

    Google Scholar 

  20. LaPadula, L.J., Bell, D.E.: Secure Computer Systems: A Mathematical Model. Journal of Computer Security 4, 239–263 (1996)

    Article  Google Scholar 

  21. Mavridis, I., Pangalos, G.: eMEDAC: Role-based access control supporting discretionary and mandatory features. In: Proceedings of 13th IFIP WG 11.3 Working Conference on Database Security, pp. 63–78 (1999)

    Google Scholar 

  22. G. Miklau and D. Suciu. Controlling access to published data using cryptography. In Proceedings of 29th International Conference on Very Large Data Bases (VLDB 2003), pages 898–909, 2003.

    Google Scholar 

  23. Osborn, S.L., Sandhu, R.S., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)

    Article  Google Scholar 

  24. Reid, J., Cheong, I., Henricksen, M., Smith, J.: A novel use of RBAC to protect privacy in distributed health care information systems. In: Proceedings of the 8th Australasian Conference on Information Security and Privacy, pp. 403–415 (2003)

    Google Scholar 

  25. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  26. Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC - a workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems 12, 455–485 (2003)

    Article  Google Scholar 

  27. Wang, Q., Li, N.: Satisfiability and resiliency in workflow systems. In: Proceedings of 12th European Symposium on Research in Computer Security, pp. 90–105 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, U.K.

    Jason Crampton & Charles Morisset

Authors
  1. Jason Crampton
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Charles Morisset
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Siemens AG - Corporate Technology, Otto-Hahn-Ring 6, 81730, München, Germany

    Jorge Cuellar

  2. Computer Science Department, E.T.S. Ingenieria Informatica, University of Malaga, Campus de Teatinos, 29170, Malaga, Spain

    Javier Lopez

  3. Facultad de Informatica (UPM), Fundación IMDEA Software, Campus Montegancedo, 28660 Boadilla del Monte, Madrid, Spain

    Gilles Barthe

  4. Certifiable Trustworthy IT Systems, Karlsruhe Institute of Technology (KIT), Am Fasanengarten 5, 76131, Karlsruhe, Germany

    Alexander Pretschner

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crampton, J., Morisset, C. (2011). An Auto-delegation Mechanism for Access Control Systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22444-7_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22443-0

  • Online ISBN: 978-3-642-22444-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation