Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorize delegations in our model. In particular, we show that the use of administrative scope for authorizing delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we study delegation in the context of workflow systems. In particular, we demonstrate the application of the administrative scope and administrative domain concepts to control delegation of tasks in worklist-based workflow systems.     

Model-driven specification and enforcement of RBAC break-glass policies for process-aware information systems

ContextIn many organizational environments critical tasks exist which – in exceptional cases such as an emergency – must be performed by a subject although he/she is usually not authorized to perform these tasks. Break-glass policies have been introduced as a sophisticated exception handling mechanism to resolve such situations. They enable certain subjects to break or override the standard access control policies of an information system in a controlled manner.ObjectiveIn the context of business process modeling a number of approaches exist that allow for the formal specification and modeling of process-related access control concepts. However, corresponding support for break-glass policies is still missing. In this paper, we aim at specifying a break-glass extension for process-related role-based access control (RBAC) models.MethodWe use model-driven development (MDD) techniques to provide an integrated, tool-supported approach for the definition and enforcement of break-glass policies in process-aware information systems. In particular, we provide modeling support on the computation independent model (CIM) layer as well as on the platform independent model (PIM) and platform specific model (PSM) layers.ResultsOur approach is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC and corresponding break-glass policies. Based on the formal CIM layer metamodel, we present a UML extension on the PIM layer that allows for the integrated modeling of processes and process-related break-glass policies via extended UML Activity diagrams. We evaluated our approach in a case study on real-world processes. Moreover, we implemented our approach at the PSM layer as an extension to the BusinessActivity library and runtime engine.ConclusionOur integrated modeling approach for process-related break-glass policies allows for specifying break-glass rules in process-aware information systems.     

Reconstructing a formal security model

Role-based access control (RBAC) is a flexible approach to access control, which has generated great interest in the security community. The principal motivation behind RBAC is to simplify the complexity of administrative tasks. Several formal models of RBAC have been introduced. However, there are a few works specifying RBAC in a way which system developers or software engineers can easily understand and adopt to develop role-based systems. And there still exists a demand to have a practical representation of well-known access control models for system developers who work on secure system development. In this paper we represent a well-known RBAC model with software engineering tools such as Unified Modeling Language (UML) and Object Constraints Language (OCL) to reduce a gap between security models and system developments. The UML is a general-purpose visual modeling language in which we can specify, visualize, and document the components of a software system. And OCL is part of the UML and has been used for object-oriented analysis and design as a de facto constraints specification language in software engineering arena. Our representation is based on a standard model for RBAC proposed by the National Institute of Standards and Technology. We specify this RBAC model with UML including three views: static view, functional view, and dynamic view. We also describe how OCL can specify RBAC constraints that is one of important aspects to constrain what components in RBAC are allowed to do. In addition, we briefly discuss future directions of this work.     

几种基于角色的代理授权模型特征比较

基于角色访问控制(RBAC)被普遍认为是当前最具有发展潜力的访问控制策略。RBAC模型通过角色将用户和权限相联系,极大降低了授权管理的复杂性,解决了具有大量用户和权限分配的系统中管理复杂性问题。基于角色的代理授权模型是基于角色的访问控制研究的一个热点。文中对现有的几种基于角色的代理授权模型进行了比较研究,系统分析了它们的优缺点及其差异,对基于角色的代理授权模型研究和应用有一定的参考价值。     

Modellierungsunterstützung für die rollenbasierte Delegation in prozessgestützten Informationssystemen

In the paper, an integrated approach for the modeling and enforcement of delegation policies in process-aware information systems is presented. In particular, a delegation extension for process-related role-based access control (RBAC) models is specified. The extension is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC delegation models. Moreover, the detection of delegation-related conflicts is discussed and a set of pre-defined resolution strategies for each potential conflict is provided. Thereby, the design-time and runtime consistency of corresponding RBAC delegation models can be ensured. Based on a formal metamodel, UML2 modeling support for the delegation of roles, tasks, and duties is provided. A corresponding case study evaluates the practical applicability of the approach with real-world business processes. Moreover, the approach is implemented as an extension to the BusinessActivity library and runtime engine.     

层次化角色的受限授权模型研究

针对现有用户-用户的层次化角色授权模型存在授权冲突问题,基于授权的时限和约束限制规则,对层次化角色的授权组件、相关性质以及互斥角色的约束限制规则进行了描述.提出了一种层次化角色的受限授权模型,该模型满足最小特权和职责分离两安全原则.给出了角色授权的生成和撤销算法,并对该模型的正确性和完整性进行了讨论.最后给出了实现该模型的体系架构,并通过应用实例验证了模型的有效性和实用性,较好地解决了角色层次上的授权冲突问题.     

DW-RBAC: A formal security model of delegation and revocation in workflow systems

One reason workflow systems have been criticized as being inflexible is that they lack support for delegation. This paper shows how delegation can be introduced in a workflow system by extending the role-based access control (RBAC) model. The current RBAC model is a security mechanism to implement access control in organizations by allowing users to be assigned to roles and privileges to be associated with the roles. Thus, users can perform tasks based on the privileges possessed by their own role or roles they inherit by virtue of their organizational position. However, there is no easy way to handle delegations within this model. This paper tries to treat the issues surrounding delegation in workflow systems in a comprehensive way. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. The new extended model is called RBAC with delegation in a workflow context (DW-RBAC). It allows for delegations to be specified from a user to another user, and later revoked when the delegation is no longer required. The implications of such specifications and their subsequent revocations are examined. Several formal definitions for assertion, acceptance, execution and revocation are provided, and proofs are given for the important properties of our delegation framework.     

A delegation model for extended RBAC

In the field of access control, delegation is an important aspect that is considered part of the administration mechanism. Thus, a comprehensive access control model must provide a flexible administration model to manage delegation and revocation. Unfortunately, to our best knowledge, there is no complete model for describing all delegation requirements for role-based access control. Therefore, proposed models are often extended to support new delegation or revocation characteristics, which is a complex task to manage and requires the redefinition of these models. Moreover, since delegation is modelled separately from administration, this requires the specification of a separate security policy to deal with delegation. In this paper, we describe a new delegation approach for extended role-based access control models. We show that our approach is flexible and is sufficient to deal with administration and delegation requirements in a homogeneous unified framework. Moreover, it provides means to express various delegation and revocation dimensions in a simple manner.     

基于角色的代理统一模型

基于角色的代理是当前访问控制领域研究的核心问题之一。文章提出一种基于角色的用户-用户代理和角色-角色代理统一模型IRBDM,讨论了IRBDM模型的基本思想、体系结构、多步代理及代理撤消策略,它可在网络、工作流管理系统中广泛应用。     

基于RBAC的灵活集团委托模型

针对现有基于RBAC的委托模型不支持集团用户委托形式,提出一种基于角色的灵活集团委托模型,给出了委托关系、委托授权、委托撤销的形式化描述及委托实施过程。该模型提供了一种灵活的委托机制,实现了在分布式协同工作环境下从单个用户到集团用户的统一委托。     

Effective Collaboration with Information Sharing in Virtual Universities

A global education system, as a key area in future IT, has fostered developers to provide various learning systems with low cost. While a variety of e-learning advantages has been recognized for a long time and many advances in e-learning systems have been implemented, the needs for effective information sharing in a secure manner have to date been largely ignored, especially for virtual university collaborative environments. Information sharing of virtual universities usually occurs in broad, highly dynamic network-based environments, and formally accessing the resources in a secure manner poses a difficult and vital challenge. This paper aims to build a new rule-based framework to identify and address issues of sharing in virtual university environments through role-based access control (RBAC) management. The framework includes a role-based group delegation granting model, group delegation revocation model, authorization granting, and authorization revocation. We analyze various revocations and the impact of revocations on role hierarchies. The implementation with XML-based tools demonstrates the feasibility of the framework and authorization methods. Finally, the current proposal is compared with other related work.     

主动授权规则实施支持空间特性的RBAC*

为满足安全策略或者角色定义的变化,系统或模型应该提供一种灵活的机制实施支持空间特性的RBAC。引入了OITE（on-if-then-else）主动授权规则实施支持空间特性的RBAC,定义了支持空间特性的RBAC中各基本元素与OITE之间的映射关系。使用OITE作为实施机制,可以在不同粒度上实施带有空间特性角色约束,并且可以将支持空间特性的RBAC应用在多个领域中。最后简要讨论了授权规则如何从支持空间特性的RBAC安全策略中自动产生。     

一种具有自我管理能力的授权代理模型

在PBDM代理模型的基础上,引入RBAC自身管理RBAC的思想,提出一种新的具有自我管理能力的授权代理模型APBDM。讨论了APBDM模型的基本思想和体系结构,建立了更方便、灵活的授权分配和撤消机制,进一步解决了受限制的权限代理问题,从而使它能在大型分布式的网络、工作流管理系统中有更广泛应用。     

Modeling process-related RBAC models with extended UML activity models

Context

Business processes are an important source for the engineering of customized software systems and are constantly gaining attention in the area of software engineering as well as in the area of information and system security. While the need to integrate processes and role-based access control (RBAC) models has been repeatedly identified in research and practice, standard process modeling languages do not provide corresponding language elements.

Objective

In this paper, we are concerned with the definition of an integrated approach for modeling processes and process-related RBAC models - including roles, role hierarchies, statically and dynamically mutual exclusive tasks, as well as binding of duty constraints on tasks.

Method

We specify a formal metamodel for process-related RBAC models. Based on this formal model, we define a domain-specific extension for a standard modeling language.

Results

Our formal metamodel is generic and can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a corresponding extension for UML2 activity models. The name of our extension is Business Activities. Moreover, we implemented a library and runtime engine that can manage Business Activity runtime models and enforce the different policies and constraints in a software system.

Conclusion

The definition of process-related RBAC models at the modeling-level is an important prerequisite for the thorough implementation and enforcement of corresponding policies and constraints in a software system. We identified the need for modeling support of process-related RBAC models from our experience in real-world role engineering projects and case studies. The Business Activities approach presented in this paper is successfully applied in role engineering projects.     

Automated reasoning on UML conceptual schemas with derived information and queries

ContextIt is critical to ensure the quality of a software system in the initial stages of development, and several approaches have been proposed to ensure that a conceptual schema correctly describes the user’s requirements.ObjectiveThe main goal of this paper is to perform automated reasoning on UML schemas containing arbitrary constraints, derived roles, derived attributes and queries, all of which must be specified by OCL expressions.MethodThe UML/OCL schema is encoded in a first order logic formalisation, and an existing reasoning procedure is used to check whether the schema satisfies a set of desirable properties. Due to the undecidability of reasoning in highly expressive schemas, such as those considered here, we also provide a set of conditions that, if satisfied by the schema, ensure that all properties can be checked in a finite period of time.ResultsThis paper extends our previous work on reasoning on UML conceptual schemas with OCL constraints by considering derived attributes and roles that can participate in the definition of other constraints, queries and derivation rules. Queries formalised in OCL can also be validated to check their satisfiability and to detect possible equivalences between them. We also provide a set of conditions that ensure finite reasoning when they are satisfied by the schema under consideration.ConclusionThis approach improves upon previous work by allowing automated reasoning for more expressive UML/OCL conceptual schemas than those considered so far.     

Role-based access control for a Grid system using OGSA-DAI and Shibboleth

In this paper, we propose a new role-based access control (RBAC) system for Grid data resources in the Open Grid Services Architecture Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used framework for integrating data resources in Grids. However, OGSA-DAI’s identity-based access control causes substantial administration overhead for the resource providers in virtual organizations (VOs) because of the direct mapping between individual Grid users and the privileges on the resources. To solve this problem, we used the Shibboleth, an attribute authorization service, to support RBAC within the OGSA-DAI. In addition, access control policies need to be specified and managed across multiple VOs. For the specification of access control policies, we used the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML); and for distributed administration of those policies and the user-role assignments, we used the Object, Metadata and Artifacts Registry (OMAR). OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. Our RBAC system provides scalable and fine-grain access control and allows privacy protection. It also supports dynamic delegation of rights and user-role assignments, and reduces the administration overheads for the resource providers because they need to maintain only the mapping information from VO roles to local database roles. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC system adds only a small overhead to the existing security infrastructure of OGSA-DAI.     

基于角色与权限继承的访问控制模型解决方案

基于对RBAC模型及相关模型中角色继承规则,引入权限组等概念,提出了一个改进的角色与权限层次关系模型。在此模型上进行访问控制应用的设计,集成活动目录技术作为统一的人员库,形成了一个较为完善的访问控制解决方案,使基于角色的访问控制更为灵活与利于理解。     

OntoRBAC：基于本体的RBAC策略描述与集成

随着分布式安全系统研究的不断深入和发展，基于策略的体系结构已经逐步成为了访问控制系统中的一种主流方法。然而这些策略的定义均建立在特定的语言基础上。如何在异构的系统间进行集成尚缺乏有效的机制。本文提出了一种基于本体的访问控制策略定义机制——OntoRBAC——它完全支持了RBAC96模型，利用本体这个工具，能够为访问控制策略的制定提供更精确、更强大的描述能力，并且可以实现从语义层次上对不同策略的集成。而借助于SWRL（Semantic Web Rule Language），我们定义了多条适用于OntoRBAC的规则来进行对访问控制决策的推理。最后，介绍了这个系统的实现框架。     

Spatial Domains for the Administration of Location-based Access Control Policies

In the last few years there has been an increasing interest for a novel category of access control models known as location-based or spatially-aware role-based access control (RBAC) models. Those models advance classical RBAC models in that they regulate the access to sensitive resources based on the position of mobile users. An issue that has not yet been investigated is how to administer spatially-aware access control policies. In this paper we introduce GEO-RBAC Admin, the administration model for the location-based GEO-RBAC model. We discuss the concepts underlying such administrative model and present a language for the specification of GEO-RBAC policies.

基于角色访问控制技术的UML表示

基于角色的访问控制（ＲＢＡＣ）技术随着网络的迅速发展而发展,在ＲＢＡＣ中,角色是重要概念,它根据用户在组织内所处的角色进行访问授权与控制,通过角色沟通主体与客体。该文提出了用可视化标准建模语言ＵＭＬ的类图、用例图和交互图（合作图、顺序图）来描述了 ＲＢＡＣ的相关概念。有效地帮助系统开发人员理解ＲＢＡＣ模型和建立基于角色的系统。