Abstract
Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably and unpredictably over time require delegation mechanisms that can respond automatically to the absence of appropriately authorized users. To address this, we propose an auto-delegation mechanism and explore the way in which such a mechanism can be used to provide (i) controlled overriding of policy-based authorization decisions and (ii) a novel type of access control mechanism based on subject-object relationships.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Crampton, J., Morisset, C. (2011). An Auto-delegation Mechanism for Access Control Systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_1
DOI: https://doi.org/10.1007/978-3-642-22444-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22443-0
Online ISBN: 978-3-642-22444-7
eBook Packages: Computer Science, Computer Science (R0)