Reasoning about dynamic delegation in role based access control systems

Chun Ruan; Vijay Varadharajan

doi:10.1007/978-3-642-20149-3

Reasoning about dynamic delegation in role based access control systems

Chun Ruan, Vijay Varadharajan

School of Computer, Data & Mathematical Sciences

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

2 Citations (Scopus)

Abstract

This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.

Original language	English
Title of host publication	Proceedings of the 16th International Conference on Database Systems for Advanced Applications (DASFAA 2011): Hong Kong, China, 22-25 April 2011
Publisher	Springer
Pages	239-253
Number of pages	15
ISBN (Print)	9783642201486
DOIs	https://doi.org/10.1007/978-3-642-20149-3
Publication status	Published - 2011
Event	DASFAA (Conference : Database systems) - Duration: 22 Apr 2011 → …

Publication series

Name
ISSN (Print)	0302-9743

Conference

Conference	DASFAA (Conference : Database systems)
Period	22/04/11 → …

Access to Document

10.1007/978-3-642-20149-3

Cite this

@inproceedings{d05d2ac01ab044d68add26df25191ae7,

title = "Reasoning about dynamic delegation in role based access control systems",

abstract = "This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.",

author = "Chun Ruan and Vijay Varadharajan",

year = "2011",

doi = "10.1007/978-3-642-20149-3",

language = "English",

isbn = "9783642201486",

publisher = "Springer",

pages = "239--253",

booktitle = "Proceedings of the 16th International Conference on Database Systems for Advanced Applications (DASFAA 2011): Hong Kong, China, 22-25 April 2011",

note = "DASFAA (Conference : Database systems) ; Conference date: 22-04-2011",

}

TY - GEN

T1 - Reasoning about dynamic delegation in role based access control systems

AU - Ruan, Chun

AU - Varadharajan, Vijay

PY - 2011

Y1 - 2011

N2 - This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.

AB - This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.

UR - http://handle.uws.edu.au:8081/1959.7/544237

UR - http://www.cintec.cuhk.edu.hk/DASFAA2011/

U2 - 10.1007/978-3-642-20149-3

DO - 10.1007/978-3-642-20149-3

M3 - Conference Paper

SN - 9783642201486

SP - 239

EP - 253

BT - Proceedings of the 16th International Conference on Database Systems for Advanced Applications (DASFAA 2011): Hong Kong, China, 22-25 April 2011

PB - Springer

T2 - DASFAA (Conference : Database systems)

Y2 - 22 April 2011

ER -

Reasoning about dynamic delegation in role based access control systems

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this