
Framework for Role-Based Delegation Models (RBDMs)




  1. Framework for Role-Based Delegation Models (RBDMs)
     By: Ezedin S. Barka and Ravi Sandhu
     Laboratory of Information Security Technology, George Mason University
     {e.barka, sandhu}@isse.gmu.edu
     www.list.gmu.edu

  2. Introduction
     • What is delegation?
     • Forms of delegation
     • Our focus
     • RBAC96 is the base for our work

  3. What is delegation?
     • An active entity in a system delegates authority to another active entity to carry out some function on behalf of the former
     • Active entities
       • Human being
       • Computer
       • Software agent
       • Process
       • etc.

  4. Forms of delegation
     • Human to human
     • Human to machine
     • Machine to machine
     • Perhaps even machine to human

  5. Human-to-human role-based delegation
     • A user who is a member of a role delegates his/her role to another user who belongs to some other role.

  6. The RBAC96 Model

  7. Example of role hierarchy
     [Figure: role hierarchy showing the roles Project Lead, Production Engineer, Quality Engineer and Engineering]
     • Project Lead > Quality Engineer
     • Quality Engineer > Engineering

  8. The RBDM Framework
     • Identified a number of characteristics related to delegation between humans:
       • Permanence
       • Monotonicity
       • Administration
       • Levels of delegation
       • Multiple delegation
       • Bilateral agreements
       • Revocation

  9. Permanence
     • Whether or not the delegating role member loses membership in the delegating role.
     • Permanent: the delegating user is permanently replaced by the delegate user
       • Delegating user can't get the role back
       • Delegate member assumes full power in the role
     • Temporary: expires with time or by revocation
       • Delegating user maintains responsibility over the behavior of the delegate user in the delegated role

  10. Monotonicity
     • Whether or not the delegating role member loses the power in the delegating role.
     • Monotonic: upon delegation, the delegating user maintains his power in that role
       • Can override any action by the delegate user
     • Non-monotonic: during delegation, the delegating user loses his power in the delegated role
       • Never loses the revoking permissions
       • Regains full power upon delegation expiration

  11. Totality
     • Size of the delegated permission in a role
     • Total: delegating all the permissions assigned to the role
     • Partial: delegating only a subset of the role
     • Easier to address in hierarchical roles

  12. Administration
     • Who administers the delegation
     • Self-administered
       • The delegating user carries out the actual delegation process
     • Agent-based
       • A third party conducts the actual delegation
       • Needed when the delegating user is not available

  13. Levels of delegation
     • How many times the role can be further delegated
     • Single-step delegation
       • The role can be delegated only once
     • Multi-step delegation
       • The delegated role is further delegated
       • Adds a lot of complexity

  14. Multiple delegation
     • Number of people to whom a delegating role member can delegate at any given time.
     • To a single person
       • Role is delegated to only one person at a time
     • To multiple people simultaneously
       • Role is delegated to more than one person at a time
       • Introduces accountability issues

  15. Bilateral agreements
     • Both parties have to agree on the delegation

  16. Revocation
     The process by which a delegating user takes away the privileges delegated to another user
     • Cascading revocation
       • Usually a concern in the case of two-step delegation
     • Grant-dependency revocation
     • Who can revoke
       • Only the delegating user can revoke
       • Any member of the delegating role can revoke

  17. Models in this framework
     • Permanent delegation
       • RBDM-PD, work in progress
     • Temporary delegation
       • Self-administered
         • RBDM-FR, NISSC 2000
         • RBDM-HR, NISSC 2000
       • Agent-based
         • ABEDM, work in progress

  18. Conclusion
     • Identified a number of characteristics related to delegation
     • Used a systematic approach to reduce the large number of possibilities to some useful cases
     • Used the reduced cases to build delegation models

  19. Questions?
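
The characteristics on slides 9 to 16 can be read as switches on a delegation store. The sketch below is an added example, not one of the authors' RBDM models: it covers temporary delegation with expiry, monotonic versus non-monotonic behaviour, a delegation level limit, the two "who can revoke" policies, and a simple cascading revocation. All names (`Delegations`, `Grant`, `max_depth`, `role_revoke`, the integer clock) are assumptions made for illustration.

```python
from collections import namedtuple
Grant = namedtuple("Grant", "role delegator delegate expires depth")  # depth 1: from a member

class Delegations:
    def __init__(self, members, max_depth=1, monotonic=True, role_revoke=False):
        self.members = members  # role -> set of original members (assumed input)
        self.max_depth, self.monotonic, self.role_revoke = max_depth, monotonic, role_revoke
        self.grants = []

    def live(self, now, **match):  # unexpired grants whose fields equal the filters
        return [g for g in self.grants if now < g.expires
                and all(getattr(g, k) == v for k, v in match.items())]

    def delegate(self, role, delegator, delegate, now, ttl):
        expires, depth = now + ttl, 1
        if delegator not in self.members[role]:
            held = self.live(now, role=role, delegate=delegator)
            if not held:
                raise PermissionError("delegator does not hold the role")
            parent = max(held, key=lambda g: g.expires)
            # Multi-step: one level deeper, and never outliving the parent grant.
            expires, depth = min(expires, parent.expires), parent.depth + 1
        if depth > self.max_depth:
            raise PermissionError("delegation level limit reached")
        self.grants.append(Grant(role, delegator, delegate, expires, depth))
        return self.grants[-1]

    def can_act(self, role, user, now):
        if user in self.members[role]:
            # Non-monotonic: a member's power is suspended while their grant is live.
            return self.monotonic or not self.live(now, role=role, delegator=user)
        return bool(self.live(now, role=role, delegate=user))

    def revoke(self, role, revoker, delegate, now):
        member = self.role_revoke and revoker in self.members[role]  # any-member policy
        hit = [g for g in self.live(now, role=role, delegate=delegate)
               if g.delegator == revoker or member]  # the delegating user always may
        if not hit:
            raise PermissionError("revoker may not revoke this delegation")
        for g in hit:
            self._cascade(g, now)
        return len(hit)

    def _cascade(self, g, now):  # simple cascade: no per-grant dependency tracking
        if g in self.grants:
            self.grants.remove(g)
            if g.delegate not in self.members[g.role]:
                for child in self.live(now, role=g.role, delegator=g.delegate):
                    self._cascade(child, now)  # withdraw what the delegate passed on
```

With `monotonic=False` the delegating member fails `can_act` while the grant is live but can still call `revoke`, matching "never loses the revoking permissions". The cascade is deliberately conservative: it withdraws every sub-delegation made by the revoked delegate, even if that delegate still holds the role through another grant.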
