OSDM: An Organizational Supervised Delegation Model for RBAC

  • Nezar Nassr
  • Nidal Aboudagga
  • Eric Steegmans
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7483)


The dynamic nature of operations in organizations has led to an interest in the delegation of roles and permissions to enable seamless business continuity. Delegation involves assigning a given set of access rights from one user to another. In existing role delegation models, delegation is often authorized and controlled by a relation that specifies who can delegate to whom. The use of such relations in delegation models has some disadvantages, such as complexity of maintenance, error-proneness, inconsistencies, and an inability to define some organizational policies related to delegation. In this paper, we propose a new delegation model that depends on organizational lines of authority to authorize and control delegation. The main advantages of this approach are that it simplifies the management of delegation authorization and complies with organizational behavior. Furthermore, it eliminates inconsistencies related to changes to roles and permissions.


Keywords: Access Control, RBAC, Delegation, Revocation





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nezar Nassr (1)
  • Nidal Aboudagga (2)
  • Eric Steegmans (1)

  1. Dept. of Computer Science and Engineering, Katholieke Universiteit Leuven, Leuven, Belgium
  2. SecureICT, Belgium
