Reasoning about dynamic delegation in role based access control systems

Chun Ruan*, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

1 Citation (Scopus)

Abstract

This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.

Original languageEnglish
Title of host publicationDatabase Systems for Advanced Applications - 16th International Conference, DASFAA 2011, Proceedings, Part 1
EditorsJeffrey Xu Yu, Myoung Ho Kim, Rainer Unland
Place of PublicationHeidelberg, Germany
PublisherSpringer, Springer Nature
Pages239-253
Number of pages15
Volume6587 LNCS
ISBN (Print)9783642201486
DOIs
Publication statusPublished - 2011
Event16th International Conference on Database Systems for Advanced Applications, DASFAA 2011 - Hong Kong, China
Duration: 22 Apr 201125 Apr 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume6587 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other16th International Conference on Database Systems for Advanced Applications, DASFAA 2011
Country/TerritoryChina
CityHong Kong
Period22/04/1125/04/11

Fingerprint

Dive into the research topics of 'Reasoning about dynamic delegation in role based access control systems'. Together they form a unique fingerprint.

Cite this