This paper proposes a logic based framework that extends role based access control systems with dynamic delegation in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The implementation of the framework is also discussed. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.
|Number of pages||25|
|Journal||Distributed and Parallel Databases|
|Publication status||Published - Jun 2014|
- Logic programs
- Privilege delegation
- Role based access control