Abstract
Corporations and government agencies rely on inter-operating legacy, COTS, databases, clients, servers, etc., with security addressed from different dimensions. One dimension is delegation, where an authorized individual may delegate all or part of his/her authority to another individual, increasing security risk. This paper explores the inclusion of role delegation into a unified security model/enforcement framework that controls access to software APIs to limit, by role, which users can access which parts of APIs, constrained by time, classification (MAC), and data values. This paper examines role delegation, its incorporation into the security model, and its impact on security assurance.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
Copyright information
© 2003 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Liebrand, M., Ellis, H., Phillips, C., Demurjian, S., Ting, T.C., Ellis, J. (2003). Role Delegation for a Resource-Based Security Model. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_4
DOI: https://doi.org/10.1007/978-0-387-35697-6_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6
eBook Packages: Springer Book Archive