An Advanced Permission-Based Delegation Model in RBAC

Kim Tae-Shik; Chang Tae-Mu

An Advanced Permission-Based Delegation Model in RBAC

Kim Tae-Shik

Chang Tae-Mu

The KIPS Transactions:PartC, Vol. 13, No. 6, pp. 725-732, Oct. 2006

https://doi.org/10.3745/KIPSTC.2006.13C.6.725, PDF Download:

Keywords: RBAC(Role-Based Access Control), Role, Delegation, permission
Abstract

RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. However, RBAC does not process delegation of permission effectively that occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model(APBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

K. Tae-Shik and C. Tae-Mu, "An Advanced Permission-Based Delegation Model in RBAC," The KIPS Transactions:PartC, vol. 13, no. 6, pp. 725-732, 2006. DOI: https://doi.org/10.3745/KIPSTC.2006.13C.6.725.

[ACM Style]

Kim Tae-Shik and Chang Tae-Mu. 2006. An Advanced Permission-Based Delegation Model in RBAC. The KIPS Transactions:PartC, 13, 6, (2006), 725-732. DOI: https://doi.org/10.3745/KIPSTC.2006.13C.6.725.