Research on a Fine-Grained Overriding Mechanism Based on Delegation

• Autorzy: Jiao D. , Liu L. , Ma S.

Warianty tytułu

PL

Badania ograniczenia dostępu typu overriding bazującego na delegacji upoważnienia

• Języki publikacji: EN

Abstrakty

EN

Discretionary Overriding of Access Control is a flexible solution that gives the subject of the access control policy the ability to override the denied access. However, the definition of emergency situations is difficult to express in the mechanism, which may render it inefficient in such situations. In the present work, a fine-grained overriding mechanism based on delegation in presented. In the proposed mechanism, the permissions of the Overriding Ability Subject are delegated from the Overriding Permission Subject, so that users with high-level roles can determine whether or not there exists an emergency situation and whether or not to allow overriding.

PL

System DOAC umożliwia dostęp zewnętrzny w sytuacjach wyjątkowych. W pracy zaproponowano subtelny system udzielania zgody na dostęp oraz możliwość uznania przez upoważnionego użytkownika, że sytuacja jest wyjątkowa.

Słowa kluczowe

EN

DOAC system; access control

PL

kontrola dostępu; system DOAC

• Wydawca: Wydawnictwo SIGMA-NOT
• Czasopismo: Przegląd Elektrotechniczny
• Rocznik: 2012
• Tom: R. 88, nr 5b
• Strony: 93--96
• Opis fizyczny: Bibliogr. 11 poz., rys., tab.

Twórcy

autor

Jiao D.

autor

Liu L.

autor

Ma S.

• Key Laboratory of Beijing Network Technology, Beihang University

Bibliografia

• [1] Sandhu R S., Lattice-based access control models. Computer. 26 (1993) No.11, 9-19.
• [2] Sandhu R S., Coyne E.J, Feinstein H L, et al., Role-based access control method, IEEE Computer. 29 (1996) No.2, 38-47.
• [3] Zhang X, Oh S, Sandhu R. PBDM: a flexible delegation model in RBAC, In: Proceedings of the eighth ACM symposium on Access control models and technologies. ACM, 2003. 149-157.
• [4] Na S Y, Cheon S H., Role delegation in role-based access control, Proceedings of the fifth ACM workshop on Role-based access control, 2000, 39-44.
• [5] Crampton J, Khambhammettu H., Delegation in role-based access control, International Journal of Information Security. 7(2008) No. 2, 123-136.
• [6] Rissanen E, Firozabadi B, Sergot M., Towards a mechanism for discretionary overriding of access control, Security Protocols, 2006, 312-319.
• [7] Zhai Zheng-De, Feng Deng-Guo, Xu Zhen., Fine-Grained Controllable Delegation Authorization Model Based on Trustworthiness, Journal of Software, 18(2007) No.8, 2002-2015.
• [8] Li N, Wang Q, Tripunitara M., Resiliency Policies in Access Control, ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 12(2009) No.4, 20.
• [9] Povey D., Optimistic security: a new access control paradigm, Proceedings of the 1999 workshop on New security paradigms, 2000, 40 – 45.
• [10] Rissanen E, Firozabadi B, Sergot M., Discretionary overriding of access control in the privilege calculus, Formal Aspects in Security and Trust, 173(2005), 219-232.
• [11] Alqatawna J, Rissanen E, Sadighi B., Overriding of access control in XACML, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks Proceedings. 2007, 87-95.