short-paper

A new approach for delegation in usage control

Authors:
Xiao Liang Hu

The University of Western Ontario, London, ON, Canada

The University of Western Ontario, London, ON, Canada
View Profile

,
Sylvia L. Osborn

The University of Western Ontario, London, ON, Canada

The University of Western Ontario, London, ON, Canada
View Profile

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacyFebruary 2013Pages 269–276https://doi.org/10.1145/2435349.2435388

Published:18 February 2013Publication History

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Pages 269–276

ABSTRACT

UCON (Usage Control), a recent access control model, allows temporal control of the usage of permissions according to three criteria: Authorizations, oBligations and Conditions. In this paper, we investigate delegation in UCON and propose a new approach to achieve user-user total and partial delegations with the enforcement of constraints by taking advantage of UCON's existing components: Authorizations, oBligations and Conditions. The approach we propose can be modified and extended, without much effort, to other access control models accommodated by UCON and to a distributed environment.

References

Ezedin Barka and Ravi Sandhu. Framework for Role-based delegation models. In ACSAC'00, pages 168--176, 2000. Google ScholarDigital Library
Xiao Liang Hu. A new approach for delegations in usage control. Master's thesis, The University of Western Ontario, 2012.Google Scholar
Yongming Jin, Jinqiang Ren, Jinqiang Huiping Sun, Suming Li, and Zhong Chen. An improved scheme for delegation based on usage control. In Proceedings of the 2008 Int. Conf. on Future Generation Communication and Networking, pages 74--78. IEEE Computer Society, 2008. Google ScholarDigital Library
Basel Katt, Xinwen Zhang, Ruth Breu, Michael Hafner, and Jean-Pierre Seifert. A general obligation model and continuity: enhanced policy enforcement engine for usage control. In Proc.13th ACM SACMAT, pages 123--132, 2008. Google ScholarDigital Library
Matunda Nyanchama and Sylvia L. Osborn. The role graph model and conflict of interest. ACM TISSEC, 2(1):p3--33, Feb. 1999. Google ScholarDigital Library
Jaehong Park. Usage Control: A Unified Framework for Next Generation Access Control. PhD thesis, George Mason University, 2003. Google ScholarDigital Library
Jaehong Park and Ravi Sandhu. Towards usage control models: beyond traditional access control. In Proceedings of 7th ACM SACMAT, pages 57--64, 2002. Google ScholarDigital Library
Jaehong Park and Ravi Sandhu. The UCONriptsizeABC usage control model. ACM TISSEC, 7(1):128--174, February 2004. Google ScholarDigital Library
Farzad Salim, Jason Reid, and Ed Dawson. An administrative model for UCONABC. In Proc. 8th Australasian Conf. on Inf. Security - Volume 105, pages 32--38, 2010. Google ScholarDigital Library
Ravi Sandhu. The PEI Framework for Application- Centric Security. In 1st Int. Workshop on Security and Comm. Networks (IWSCN), pages 1--6, 2009.Google Scholar
Ravi Sandhu, David Ferraiolo, and Richard Kuhn. The NIST model for role-based access control: towards a unified standard. In Proc. 5th ACM RBAC workshop, pages 47--63, 2000. Google ScholarDigital Library
Ravi Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based access control models. Computer, 29(2):p38--47, Feb. 1996. Google ScholarDigital Library
He Wang and Sylvia L. Osborn. An administrative model for role graphs. In DBSec, pages 302--315, 2003.Google Scholar
He Wang and Sylvia L. Osborn. Delegation in the role graph model. In Proc. 11th ACM SACMAT, pages 91--100, 2006. Google ScholarDigital Library
He Wang and Sylvia L. Osborn. Static and dynamic delegation in the role graph model. IEEE Trans. on Knowl. Data Eng., 23:1569--1582, Oct. 2011. Google ScholarDigital Library
Xinwen Zhang. Formal Model and Analysis of Usage Control. PhD thesis, George Mason University, 2006. Google ScholarDigital Library
Zhiyong Zhang, Lin Yang, Qingqi Pei, and Jianfeng Ma. Research on usage control model with delegation characteristics based on OM-AM methodology. In Proc. 2007 IFIP Int. Conf. on Network and Parallel Computing Workshops, pages 238--243, 2007. Google ScholarDigital Library

Index Terms

A new approach for delegation in usage control
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

The UCON_ABC usage control model

In this paper, we introduce the family of UCON_ABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, ...
Read More
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Read More
A fine-grained, controllable, user-to-user delegation method in RBAC
SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies

This paper addresses the issues surrounding user-to-user delegation in RBAC. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. A special feature of the model is that it allows fine-grained control ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy
February 2013
400 pages
ISBN:9781450318907
DOI:10.1145/2435349
General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Lujo Bauer
Carnegie Mellon University, USA
,
Publications Chair:
Jaehong Park
University of Texas at San Antonio, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 February 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
RBAC
UCON
delegation
usage control
Qualifiers
- short-paper
Conference

Acceptance Rates
CODASPY '13 Paper Acceptance Rate24of107submissions,22%Overall Acceptance Rate149of789submissions,19%
More
Upcoming Conference
CODASPY '24

Sponsor:

sigsac

Fourteenth ACM Conference on Data and Application Security and Privacy

June 19 - 21, 2024

Porto , Portugal
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 154
  Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A new approach for delegation in usage control

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

The UCON_ABC usage control model

PBDM: a flexible delegation model in RBAC

A fine-grained, controllable, user-to-user delegation method in RBAC