A graph theoretic approach to authorization delegation and conflict resolution in decentralised systems

The problem of resolving conflicts in delegated authorizations has not been systematically addressed by researchers. In (Ruan and Varadharajan in Proceedings of the 7th Australasian Conference on Information Security and Privacy, pp. 271–285, 2002) we proposed a graph based framework that supports authorization delegation and conflict resolution. In this paper, we have extended the model to allow grantors of delegations to express degrees of certainties about their delegations and grants of authorizations. This expression of certainty gives the subjects (e.g. users) more flexibility to control their delegations of access rights. We propose a new conflict resolution policy based on weighted lengths of authorization paths. This policy provides a greater degree of flexibility in that it enables to specify and analyse the effect of predecessor-successor relationship as well as the weights of authorizations on the conflicts. We present a detailed algorithm to evaluate authorization delegations and conflict resolutions. The correctness proof and time complexity of the algorithm are also provided. Since in a dynamic environment, the authorization state is not static, we have considered how authorization state changes occur and have developed an algorithm to analyse authorization state transformations and given correctness proofs. Finally, we discuss how to achieve a global decision policy from local authorization policies in a distributed environment. Three integration models based on the degrees of node autonomy are proposed, and different strategies of integrating the local policies into the global policies in each model are systematically discussed.     

A formalized delegation model for multimedia social networks

In response to the issues of second-hand sharing and repeat delegation of the digital content in existing multimedia social networks, this paper proposed a novel formalized delegation model for multimedia social network. In accordance with this model, delegators can independently lay down delegation policies. Further, related delegation constraints and strategies were identified to solve delegation conflicts. When a conflict arises among several delegations, strategies could be used to solve the conflict. This delegation model can control the authorities and are delegated consistently until the authorization expires or is revoked. And also, the paper presented essential security policies that lead to revoking different authorities. A use case of real multimedia social network further verified the efficiency and effectiveness of the proposed model.     

一个基于逻辑的存取控制模型

在任何一个安全系统中，存取控制都是一个极为重要的问题。本文提出一个基于逻辑程序设计的方法来管理非集中式的授权及其代理。在这个系统中，允许用户代理管理权限、授权或禁止其他用户使用某些存取权限。给出一组独立于论域的规则来实现代理正确性、解决冲突和沿着主体、客体及存取权限层次结构的授权传递，其基本思想是将这些一般规则与用户定义的一组与论域相关的特殊规则结合起来，以推导出系统中成立的所有授权。此外，还给出一些语义性质。     

基于欧拉图的授权扩散拓扑构建与授权撤销

在分散式自主授权模式中,接受授权的用户可以将转授给他的权限再次转授给其他人,经过多步转授的权限扩散与不完全的委托撤销可能导致隐性授权冲突.在以往的授权模型中,模型设计的重点在于如何授权,而对于授权撤销考虑甚少.由于转授权路径生成的随意性,增加了遍历路径完成授权回收的难度.针对授权路径的生成和转授权回收进行研究,引入欧拉图对授权路径构建进行约束,在此基础上给出了授权路径构建算法与转授权路径遍历回收方法,通过有目的的授权路径构建,简化转授权路径遍历过程,解决转授权路径遍历不完全导致的授权撤销不完整问题,防止权限扩散并消除隐性授权冲突.     

Dynamic role authorization in multiparty conversations

Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single role, or in which one site may be authorized to act on behalf of different roles. This flexibility must be equipped with ways of controlling the roles that the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is based on an extension of the \({\pi}\)-calculus in which the basic resources are pairs channel-role, which denote the access right of interacting along a given channel representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error then corresponds to an action involving a channel and a role not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, including when parties dynamically acquire authorizations.     

DW-RBAC: A formal security model of delegation and revocation in workflow systems

One reason workflow systems have been criticized as being inflexible is that they lack support for delegation. This paper shows how delegation can be introduced in a workflow system by extending the role-based access control (RBAC) model. The current RBAC model is a security mechanism to implement access control in organizations by allowing users to be assigned to roles and privileges to be associated with the roles. Thus, users can perform tasks based on the privileges possessed by their own role or roles they inherit by virtue of their organizational position. However, there is no easy way to handle delegations within this model. This paper tries to treat the issues surrounding delegation in workflow systems in a comprehensive way. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. The new extended model is called RBAC with delegation in a workflow context (DW-RBAC). It allows for delegations to be specified from a user to another user, and later revoked when the delegation is no longer required. The implications of such specifications and their subsequent revocations are examined. Several formal definitions for assertion, acceptance, execution and revocation are provided, and proofs are given for the important properties of our delegation framework.     

A function-based user authority delegation model

User authority delegation is granting or withdrawing access to computer-based information by entities that own and/or control that information. These entities must consider who should be granted access to specific information in the organization and determine reasonable authority delegation. Role Based Access Control (RBAC) delegation management, where user access authority is granted for the minimum resources necessary for users to perform their tasks, is not suitable for the actual working environment of an organization. Currently, RBAC implementations cannot correctly model inheritance and rules for different delegations are in conflict. Further, these systems require that user roles, positions, and information access be continuously and accurately updated, resulting in a manual, error-prone access delegation system. This paper presents a proposal for a new authority delegation model, which allows users to identify their own function-based delegation requirements as the initial input to the RBAC process. The conditions for delegations are identified and functions to implement these delegations are defined. The criteria for basic authority delegation, authentication and constraints are quantified and formulated for evaluation. An analysis of the proposed model is presented showing that this approach both minimizes errors in delegating authority and is more suitable for authority delegation administration in real organizational applications.     

Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorize delegations in our model. In particular, we show that the use of administrative scope for authorizing delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we study delegation in the context of workflow systems. In particular, we demonstrate the application of the administrative scope and administrative domain concepts to control delegation of tasks in worklist-based workflow systems.     

具有安全审计功能的RBAC委托模型

针对访问控制中委托在安全性和功能性上的不足,通过对比分析RBAC委托模型的特点,结合安全审计概念提出了具有安全审计功能的RBAC委托模型,并给出了形式化的定义和描述。该模型定义了委托的限制条件和传递约束来体现委托的特性,利用审计记录集合实现了委托、撤销和会话授权的过程,通过审计监控和规则事件响应完善了安全审计功能,使委托授权具有自主性和可变性的特点。在管理信息系统的应用和实践表明,该模型是一种安全易管理的委托授权机制,能适应多种委托策略。     

授权中异常冲突的一种解决方法

冲突检测和解决是访问控制授权中的重要问题.对这些问题的探索我们通过研究方法比较进行.首先研究基于逻辑程序的一种授权系统规范,然后通过一个保健部门的典型问题来分析基于传统优先和组织结构的两种冲突解决方案,最后提出基于逻辑程序LPOD(带有序析取的逻辑程序)的针对高水平授权规范中异常冲突的一种解决方法.     

基于层次角色委托的服务网格授权执行模型

针对网格应用中对委托限制的多方面需求,提出了基于层次角色委托的服务网格授权执行模型.模型支持委托角色授予与撤销功能以及相应的关联性限制特性.通过加入信任度,细化了关联性限制的表达粒度.通过定义角色树作为委托授权的基本单位并对角色树进行剪枝,改善了部分委托实现的难度.通过定义带信任度的委托传播树,细化了对委托传播限制的控制.提出的委托凭证全面支持了角色委托的临时性、关联性、部分性、传播性限制需求.对模型中的委托授权执行规则作了形式化描述,并证明了执行规则能够细粒度地控制委托授权的执行过程.实例展示表明,模型能够满足网格应用对委托限制多方面的需求.     

Modellierungsunterstützung für die rollenbasierte Delegation in prozessgestützten Informationssystemen

In the paper, an integrated approach for the modeling and enforcement of delegation policies in process-aware information systems is presented. In particular, a delegation extension for process-related role-based access control (RBAC) models is specified. The extension is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC delegation models. Moreover, the detection of delegation-related conflicts is discussed and a set of pre-defined resolution strategies for each potential conflict is provided. Thereby, the design-time and runtime consistency of corresponding RBAC delegation models can be ensured. Based on a formal metamodel, UML2 modeling support for the delegation of roles, tasks, and duties is provided. A corresponding case study evaluates the practical applicability of the approach with real-world business processes. Moreover, the approach is implemented as an extension to the BusinessActivity library and runtime engine.     

Dynamic delegation framework for role based access control in distributed data management systems

This paper proposes a logic based framework that extends role based access control systems with dynamic delegation in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles’ privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The implementation of the framework is also discussed. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments.     

An authorization model for geospatial data

The advent of commercial observation satellites in the new millennium provides unprecedented access to timely information, as they produce images of the Earth with the sharpness and quality previously available only from US, Russian, and French military satellites. Due to the fact that they are commercial in nature, a broad range of government agencies (including international), the news media, businesses, and nongovernmental organizations can gain access to this information. This may have grave implications on national security and personal privacy. Formal policies for prohibiting the release of imagery beyond a certain resolution, and notifying when an image crosses an international boundary or when such a request is made, are beginning to emerge. Access permissions in this environment are determined by both the spatial and temporal attributes of the data, such as location, resolution level, and the time of image download, as well as those of the user credentials. Since existing authorization models are not adequate to provide access control based on spatial and temporal attributes, in this paper, we propose a geospatial data authorization model (GSAM). Unlike the traditional access control models where authorizations are specified using subjects and objects, authorizations in GSAM are specified using credential expressions and object expressions. GSAM supports privilege modes including view, zoom-in, download, overlay, identify, animate, and fly by, among others. We present our access control prototype system that enables subject, object as well as authorization specification via a Web-based interface. When an access request is made, the access control system computes the overlapping region of the authorization and the access request. The zoom-in and zoom-out requests can simply be made through a click of the mouse, and the appropriate authorizations will be evaluated when these access requests are made     

基于属性约束的权限委托机制及冲突检测方法

针对现有的委托方法中委托约束局限于用户角色的问题,提出了一种基于属性约束的权限委托机制ARPDM,使用先决条件、受托条件和撤销条件等对委托者和受托者的能力进行约束,能够增加权限委托的约束能力,从多个方面对委托者和受托者的委托行为进行控制。分析了委托过程中可能发生的委托约束冲突、冗余委托冲突和环状委托冲突等,设计了一种基于委托树的冲突检测算法,将冲突问题映射为树中结点的关系问题,能够通过一次遍历检测多种冲突,避免了传统方法需要多次检测的问题,具有较高的效率。     

一种基于功能的可控委托模型

委托是RBAC模型需要支持的重要安全策略。针对现有RBAC委托模型在支持细粒度和权限传播可控性上存在的不足,提出一个基于功能的可控委托模型FBCDM,给出了模型的形式化定义和表示。该模型提供灵活的委托粒度、支持时间约束、强制委托约束和细粒度的自主委托约束,保证了多步委托过程中的收敛性和可控性。委托过程的日志记录增强了委托安全性。     

A temporal access control mechanism for database systems

The paper presents a discretionary access control model in which authorizations contain temporal intervals of validity. An authorization is automatically revoked when the associated temporal interval expires. The proposed model provides rules for the automatic derivation of new authorizations from those explicitly specified. Both positive and negative authorizations are supported. A formal definition of those concepts is presented, together with the semantic interpretation of authorizations and derivation rules as clauses of a general logic program. Issues deriving from the presence of negative authorizations are discussed. We also allow negation in rules: it is possible to derive new authorizations on the basis of the absence of other authorizations. The presence of this type of rule may lead to the generation of different sets of authorizations, depending on the evaluation order. An approach is presented, based on establishing an ordering among authorizations and derivation rules, which guarantees a unique set of valid authorizations. Moreover, we give an algorithm detecting whether such an ordering can be established for a given set of authorizations and rules. Administrative operations for adding, removing, or modifying authorizations and derivation rules are presented and efficiency issues related to these operations are also tackled in the paper. A materialization approach is proposed, allowing to efficiently perform access control     

基于图的具有时空约束的可信赖委托授权模型分析

分布式环境下需要可传递授权机制,而传统委托授权模型的委托授权不但缺乏对时间和空间的约束,而且仅是基于主体间的信任关系人为的确定可委托授权的主体,是不精确且模糊的。针对上述问题,文章提出了基于图的具有时空约束的可信赖委托授权模型,不仅利用模糊理论来确定可信赖的委托主体,而且增加了时间和空间的约束,分析并解决了循环授权和授权撤销问题。该模型满足了应用中的时空约束、可信赖传递授权等安全需求,具有普遍适用性。