ABSTRACT
UCON (Usage Control), a recent access control model, allows temporal control of the usage of permissions according to three criteria: Authorizations, oBligations and Conditions. In this paper, we investigate delegation in UCON and propose a new approach to achieve user-user total and partial delegations with the enforcement of constraints by taking advantage of UCON's existing components: Authorizations, oBligations and Conditions. The approach we propose can be modified and extended, without much effort, to other access control models accommodated by UCON and to a distributed environment.