Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorize delegations in our model. In particular, we show that the use of administrative scope for authorizing delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we study delegation in the context of workflow systems. In particular, we demonstrate the application of the administrative scope and administrative domain concepts to control delegation of tasks in worklist-based workflow systems.     

Roles in information security – A survey and classification of the research area

The concept of roles has been prevalent in the area of Information Security for more than 15 years already. It promises simplified and flexible user management, reduced administrative costs, improved security, as well as the integration of employees’ business functions into the IT administration. A comprehensive scientific literature collection revealed more than 1300 publications dealing with the application of sociological role theory in the context of Information Security up to now. Although there is an ANSI/NIST standard and an ISO standard proposal, a variety of competing models and interpretations of the role concept have developed. The major contribution of this survey is a categorization of the complete underlying set of publications into different classes. The main part of the work is investigating 32 identified research directions, evaluating their importance and analyzing research tendencies. An electronic bibliography including all surveyed publications together with the classification information is provided additionally. As a final contribution potential future developments in the area of role-research are considered.     

Role engineering: From design to evolution of security schemes

This paper presents a methodology to design the RBAC (Role-Based Access Control) scheme during the design phase of an Information System. Two actors, the component developer and the security administrator, will cooperate to define and set up the minimal set of roles in agreement with the application constraints and the organization constraints that guarantee the global security policy of an enterprise. In order to maintain the global coherence of the existing access control scheme, an algorithm is proposed to detect the possible inconsistencies before the integration of a new component in the Information System.     

A function-based user authority delegation model

User authority delegation is granting or withdrawing access to computer-based information by entities that own and/or control that information. These entities must consider who should be granted access to specific information in the organization and determine reasonable authority delegation. Role Based Access Control (RBAC) delegation management, where user access authority is granted for the minimum resources necessary for users to perform their tasks, is not suitable for the actual working environment of an organization. Currently, RBAC implementations cannot correctly model inheritance and rules for different delegations are in conflict. Further, these systems require that user roles, positions, and information access be continuously and accurately updated, resulting in a manual, error-prone access delegation system. This paper presents a proposal for a new authority delegation model, which allows users to identify their own function-based delegation requirements as the initial input to the RBAC process. The conditions for delegations are identified and functions to implement these delegations are defined. The criteria for basic authority delegation, authentication and constraints are quantified and formulated for evaluation. An analysis of the proposed model is presented showing that this approach both minimizes errors in delegating authority and is more suitable for authority delegation administration in real organizational applications.     

基于角色的访问控制模型分析

介绍了一种新型的访问控制机制－－基于角色的访问控制ＲＢＡＣ（Ｒｏｌｅ－Ｂａｓｅｄ Ａｃｃｅｓｓ Ｃｏｎｔｒｏｌ）的研究背景与基本特征,对它的规则模型ＲＢＡＣ９６与管理模型ＡＲＢＡＣ９７进行了重点描述,并在最后给出了一个设计实例。     

ACTEN: A conceptual model for security systems design

This paper describes ACTEN, a conceptual model for the design of security systems. Security information is represented by action-entity pairs and organized into a framework composed of graphs and tables. The rules permitting the building and management of this framework are introduced.The model describes both static and dynamic aspects of the security system; in fact, it shows the access modalities between objects in the system and the evolution of such modalities due to grant and revocation of rights within the security system.ACTEN also allows the identification of the authority and protection level of each component of the system. The tools for this analysis are introduced and an example is given.     

A distributable security management architecture for enterprise systems spanning multiple security domains

Administering security in modern enterprise systems may prove an extremely complex task. Their large scale and dynamic nature are the main factors that contribute to this fact. A robust and flexible model is needed in order to guarantee both the easy management of security information and the efficient implementation of security mechanisms. In this paper, we present the foundations and the prototypical implementation of a new access control framework. The framework is mainly targeted to highly dynamic, large enterprise systems (e.g., service provisioning platforms, enterprise portals etc.), which contain various independent functional entities. Significant advantages gained from the application of the designated framework in such systems are epitomized in the easiness of managing access to their hosted resources (e.g., services) and the possibility of applying distributable management schemes for achieving it. The proposed framework allows for multi-level access control through the support of both role-based and user-based access control schemes. Discussion is structured in three distinct areas: the formal model of the proposed framework, the data model for supporting its operation, and the presentation of a prototypical implementation. The development of the framework is based on open technologies like XML, java and Directory Services. At the last part of the paper the results of a performance assessment are presented, aiming to quantify the delay overhead, imposed by the application of the new framework in a real system. Ioannis Priggouris received his B.Sc. in Informatics from the Department of Informatics & Telecommunications of the University of Athens, Greece in 1997 and his M.Sc. in Communication Systems and Data Networks from the same Department in 2000. Over the last years he has been a PhD candidate in the department. Since 1999, he has been a member of the Communication Networks Laboratory (CNL) of the University of Athens. As a senior researcher of the CNL he has participated in several EU projects implemented in the context of IST, namely the EURO-CITI and the PoLoS projects. He has also been extensively involved in several National IT Research projects. His research interests are in the areas of mobile computing, QoS and mobility support for IP networks, and network security. He is the author of several papers and book chapters in the aforementioned areas. Stathes Hadjiefthymiades received his B.Sc. (honors) and M.Sc. in Informatics from the Dept. of Informatics, University of Athens, Greece, in 1993 and 1996 respectively. In 1999 he received his Ph.D. from the University of Athens (Dept. of Informatics and Telecommunications). In 2002 he received a joint engineering-economics M.Sc. from the National Technical University of Athens. In 1992 he joined the Greek consulting firm Advanced Services Group, Ltd., where he was involved in the analysis, design and implementation of telematic applications and other software systems. In 1995 he joined, as research engineer, the Communication Networks Laboratory (UoA-CNL) of the University of Athens. During the period September 2001-July 2002, he served as a visiting assistant professor at the University of Aegean, Dept. of Information and Communication Systems Engineering. On the summer of 2002 he joined the faculty of the Hellenic Open University (Dept. of Informatics), Patras, Greece, as an assistant professor. Since December 2003, he is in the faculty of the Dept. of Informatics and Telecommunications, University of Athens, where he is presently an assistant professor and coordinator of the Pervasive Computing Research Group. He has participated in numerous projects realized in the context of EU programs (ACTS, ORA, TAP, and IST), EURESCOM projects, as well as national initiatives. His research interests are in the areas of web engineering, wireless/mobile computing, and networked multimedia applications. He is the author of over 100 publications in the above areas.     

A practical mandatory access control model for XML databases

A practical mandatory access control (MAC) model for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of different applications. In order to preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed to preserve the security of operations in XML databases. The MAC model, we proposed in this study, has been implemented in an XML database. Test results demonstrated that our approach provides rational and scalable performance.     

A reference model for team-enabled workflow management systems

Today's workflow systems assume that each work item is executed by a single worker. From the viewpoint of the system, a worker with the proper qualifications selects a work item, executes the associated work, and reports the result. There is usually no support for teams, i.e., groups of people collaborating by jointly executing work items (e.g., the program committee of a conference, the management team of a company, a working group, and the board of directors). In this paper, we propose the addition of a team concept to today's workflow management systems. Clearly, this involves a marriage of workflow and groupware technology. To shed light on the introduction of teams, we extend the traditional organizational meta model with teams and propose a team-enabled workflow reference model. For this reference model and to express constraints with respect to the distribution of work to teams, we use object constraint language (OCL).     

基于角色的代理模型的实现

讨论了用户之间的基于角色的代理,以RBAC96中的模型作为基础,分别考虑不存在角色继承和约束情况下,存在角色继承情况下以及存在角色约束情况下,用户之间的代理行为。     

An object-oriented organizational model to support dynamic role-based access control in electronic commerce

Role-based access control (RBAC) provides flexibility to security management over the traditional approach of using user and group identifiers. In RBAC, access privileges are given to roles rather than to individual users. Users acquire the corresponding permissions when playing different roles. Roles can be defined simply as a label, but such an approach lacks the support to allow users to automatically change roles under different contexts; using static method also adds administrative overheads in role assignment. In electronic commerce (E-Commerce) and other cooperative computing environments, access to shared resources has to be controlled in the context of the entire business process; it is therefore necessary to model dynamic roles as a function of resource attributes and contextual information.In this paper, an object-oriented organizational model, Organization Modeling and Management (OMM), is presented as an underlying model to support dynamic role definition and role resolution in E-Commerce solution. The paper describes the OMM reference model and shows how it can be applied flexibly to capture the different classes of resources within a corporation, and to maintain the complex and dynamic roles and relationships between the resource objects. Administrative tools use the role model in OMM to define security policies for role definition and role assignment. At runtime, the E-Commerce application and the underlying resource manager queries the OMM system to resolve roles in order to authorize any access attempts. Contrary to traditional approaches, OMM separates the organization model from the applications; thus, it allows independent and flexible role modeling to support realistically the dynamic authorization requirements in a rapidly changing business world.     

基于角色访问控制的实现研究

本文从实现角度介绍了基于角色访问控制模型RBAC3的概念,并对授权管理和访问控制两个关键部分进行形式化描述。     

Global transaction support for workflow management systems: from formal specification to practical implementation

In this paper, we present an approach to global transaction management in workflow environments. The transaction mechanism is based on the well-known notion of compensation, but extended to deal with both arbitrary process structures to allow cycles in processes and safepoints to allow partial compensation of processes. We present a formal specification of the transaction model and transaction management algorithms in set and graph theory, providing clear, unambiguous transaction semantics. The specification is straightforwardly mapped to a modular architecture, the implementation of which is first applied in a testing environment, then in the prototype of a commercial workflow management system. The modular nature of the resulting system allows easy distribution using middleware technology. The path from abstract semantics specification to concrete, real-world implementation of a workflow transaction mechanism is thus covered in a complete and coherent fashion. As such, this paper provides a complete framework for the application of well-founded transactional workflows. Received: 16 November 1999 / Accepted 29 August 2001 Published online: 6 November 2001     

基于角色的访问控制在政府采购系统中的应用

提出并实现了政府采购系统中基于角色的访问控制（RBAC）子系统（RBAC—GP）。RBAC—GP实现了职责分离原则和权限最小化原则，能有效防止权限滥用；有效地解决了政府采购系统中错综复杂访问控制问题，大大降低了系统授权管理的复杂性；可配置性强，升级和维护容易。     

A graph-theoretical model of computer security

We describe a model of computer security that applies results from the statistical properties of graphs to human-computer systems. The model attempts to determine a safe threshold of interconnectivity in a human-computer system by ad hoc network analyses. The results can be applied to physical networks, social networks and networks of clues in a forensic analysis. Access control, intrusions and social engineering can also be discussed as graph- and information-theoretical relationships. Groups of users and shared objects, such as files or conversations, provide communication channels for the spread of both authorized and unauthorized information. We present numerical criteria for measuring the security of such systems and algorithms for finding the vulnerable points.     

强制访问控制在基于角色的保护系统中的实现

研究了通过对基于角色的访问控制（RBAC）进行定制实现强制访问控制（MAC）机制的方法。介绍了RBAC模型和MAC模型的基本概念,讨论了它们之间的相似性,给出了在不考虑角色上下文和考虑角色上下文两种情形下满足强制访问控制要求的RBAC系统的构造方法。从这两个构造中可以看出,强制访问控制只是基于角色的访问控制的一种特例,用户可以通过对RBAC系统进行定制实现一个多级安全系统。     

A survey of security in multi-agent systems

Multi-agent systems (MAS) are a relatively new software paradigm that is being widely accepted in several application domains to address large and complex tasks. However, with the use of MAS in open, distributed and heterogeneous applications, the security issues may endanger the success of the application. The goal of this research is to identify the security issues faced by MAS and to survey the current state of the art of this field of knowledge. In order to do it, this paper examines the basic concepts of security in computing, and some characteristics of agents and multi-agent systems that introduce new threats and ways to attack. After this, some models and architectures proposed in the literature are presented and analyzed.     

基于CORBA的安全代理模型及其支撑框架

分布对象系统中的安全代理行为可能导致访问控制问题变得非常复杂。该文首先描述了代理的基本概念和复杂行为,然后基于COBRASec的访问控制模型提出了一个支持代理的访问控制模型CBDM,并基于CBDM设计了兼容CSIv2安全互操作规范的,具有良好可扩展性和灵活性的代理支撑框架CBDF。