A Time Constraints Permission Based Delegation Model in RBAC (RBAC을 기반으로 하는 시간제한 권한 위임 모델)

김태식; 장태무

A Time Constraints Permission Based Delegation Model in RBAC

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2010, 15(11), pp.163-171
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

김태식 ¹, 장태무 ¹

¹동국대학교

Accredited

ABSTRACT

RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. Delegation is a mechanism of assigning access rights to a user. RBDM0 and RDM2000 models deal with user-to-user delegation. The unit of delegation in them is a role. However, RBAC does not process delegation of Role or Permission effectively that occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model(TCPBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. TCPBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation with time constraints. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

KEYWORDS

RBAC96, Delegation Model, Time Constraints, TCPBDM

Citation status

* References for papers published after 2023 are currently being built.

[journal] Ravi S Sandhu / 1996 / Role-based Access Control Model / IEEE, : 38~47

[confproc] Gail-Joon Ahn / 2003 / Specification and Classification of Role-based Authorization Policies / In Proceedings of 8th IEEE International Workshop on Enterprise Security(WETICE2003), : 202~207

[confproc] Ezedin Barka / 2000 / Framework for Role-based Delegation Model and Some Extensions / Proceedings of the 23rd NIST-NCSC National Information Systems Security Conference, : 101~114

[confproc] \Ezedin Barka / 2000 / A Role-Based Delegation model and Some Extensions / Proc,Of 23rd National Information System Security Conference(NISSC2000), : 168~176

[journal] Gail Ahn / 2000 / Role-based Authorization Constraints Specification / ACM Trans on Information and System Security, 3(4) : 207~226

[journal] Zhang L, / 2003 / A Rule-based Framework for Role-based Delegation Revocation / ACM Transactions on Information and System Security, 6(3) : 404~441

[confproc] XinWen Zhang, / 2003 / PBDM:A Flexible Delegation Model in RBAC / 8th ACMSympo siumon Access Control Models and Technologies(SACMAT-03), : 149~157

[confproc] Chunxiao Ye / 2004 / An attribute-Based-Delegation-Model / ACM International Confer ence Proceeding Series, Vol. 85, Proceedings of the 3rd international Conference in Information security : 220~221

[confproc] Serban I, / 1998 / Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management / ACM Workshop on Role-Based Access Control, : 81~90

[journal] J.B.D.Joshi / 2005 / A generalized Temporal Role Based Access Control Model / IEEE Transactions on Knowledge and Data Engineering 17(1) : 4~23

[confproc] J.B.D.joshi, / 2006 / Fine-grained role-based delegation in presence of the hybrid role hierarchy / Proc.11th ACM,Access control model and Technologies : 81~90

[confproc] J. Wainer / 2005 / A Fine-Grained, Controllable, User-to-User Delegation Method in RBAC / Proc. 10th ACM Symp. Access Control Models and Technologies(SACMAT '05), : 59~66

[confproc] Y.Zhang / 2007 / Achieving Flexible Task Delegation in Role-Based Agent Teams / Proceedings of the IEEE International Conference on Systems,Man,and Cybernetics,2007 : 3801~3806

[confproc] Hagstrom, A / 2001 / Revocation-a Classification / Computer Security Foundations Workshop, 2001. Proceedings. 14th IEEE, : 44~58

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65