• Title/Summary/Keyword: Delegation Model

Search Result 61, Processing Time 0.019 seconds

An Integrated Management Model of Administrative Role-Based Access Control and Delegation Policy (ARBAC과 위임 정책의 통합 관리 모델)

  • Oh, Se-Jong;Kim, Woo-Sung
    • The KIPS Transactions:PartC
    • /
    • v.11C no.2
    • /
    • pp.177-182
    • /
    • 2004
  • Delegation is one of important security policies in the access control area. We propose a management model of delegation integrated with ARBAC model for environment of distributed access control. We Integrate PBDM delegation model with ARBAC97 model, and suggest integrity rules of delegation for preventing security threats in new model. Our model supports both free delegation for users without intervention of administrators, and controlling delegation for security administrators.

Extended GTRBAC Delegation Model for Access Control Enforcement in Enterprise Environments (기업환경의 접근제어를 위한 확장된 GTRBAC 위임 모델)

  • Hwang Yu-Dong;Park Dong-Gue
    • Journal of Internet Computing and Services
    • /
    • v.7 no.1
    • /
    • pp.17-30
    • /
    • 2006
  • With the wide acceptance of the Internet and the Web, volumes of information and related users have increased and companies have become to need security mechanisms to effectively protect important information for business activities and security problems have become increasingly difficult. This paper proposes a improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model. sub-role hierarchies concept and PBDM(Permission Based Delegation Model). The proposed model. called Extended GT-RBAC(Extended Generalized Temporal Role Based Access Control) delegation Model. supports characteristics of GTRBAC model such as of temporal constraint, various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Also it supports conditional inheritance based on the degree of inheritance and business characteristics by using sub-roles hierarchies and supports permission based delegation, user to user delegation, role to role delegation, multi-step delegation and temporal delegation by using PBDM.

  • PDF

A Time Constraints Permission Based Delegation Model in RBAC (RBAC을 기반으로 하는 시간제한 권한 위임 모델)

  • Kim, Tae-Shik;Chang, Tae-Mu
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.11
    • /
    • pp.163-171
    • /
    • 2010
  • RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. Delegation is a mechanism of assigning access rights to a user. RBDM0 and RDM2000 models deal with user-to-user delegation. The unit of delegation in them is a role. However, RBAC does not process delegation of Role or Permission effectively that occurs frequently in the real world. This paper proposes a Time Constraints Permission-Based Delegation Model(TCPBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. TCPBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation with time constraints. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

APDM : Adding Attributes to Permission-Based Delegation Model

  • Kim, Si-Myeong;Han, Sang-Hoon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.2
    • /
    • pp.107-114
    • /
    • 2022
  • Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models are role delegation as the user to user delegation. However, In RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and security principle of least privilege. ABDM based on RBAC model, supports both the role to role and user to user delegation with an attribute. whenever the delegator wants the permission can be withdrawn, and A delegator can give permission to a delegatee.

User-Level Delegation in Role-Based Access Control Model (역할기반 접근제어에 기초한 사용자 수준의 위임 기법)

  • 심재훈
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.3
    • /
    • pp.49-62
    • /
    • 2000
  • Role-Based Access Control(RBAC) has recently received considerable attention as a alternative to traditional discretionary and mandatory access control to apply variant organizations function hierarchy of commercial or govemment. Also RBAC provides a delegation that is one of control principles in organization. In general delegation occurring in real organization is performed by an user giving permissions to another user. But, RBAC cannot implement these user-level delegation correctly. And delegation result in security problem such as destroying separation of duty policy information disclosure due to inappro-priate delegation. Besides security adminsitrator directly deals with that problem. In this thesis we suggests some methods that is created by the user.

An Advanced Permission-Based Delegation Model in RBAC (RBAC을 기반으로 하는 향상된 권한 위임 모델)

  • Kim, Tae-Shik;Chang, Tae-Mu
    • The KIPS Transactions:PartC
    • /
    • v.13C no.6 s.109
    • /
    • pp.725-732
    • /
    • 2006
  • RBAC(Role-Based Access Control) has advantages in managing access controls, because it offers the role inheritance and separation of duty in role hierarchy structures. However, RBAC does not process delegation of permission effectively that occurs frequently in the real world. This paper proposes an Advanced Permission-Based Delegation Model(APBDM) that guarantees permanency of delegated permissions and does not violate security principle of least privilege and separation of duty. APBDM, based on the well-known RBAC96, supports both user-to-user and role-to-role delegation. A delegator can give permission to a specific person, that is delegatee, and the permission can be withdrawn whenever the delegator wants. Our model is analyzed and shown to be effective in the present paper.

Role-Based Delegation Model Using Available Time (가용 시간을 이용한 역할 기반 위임 모델)

  • Kim, Kyoung-Ja;Chang, Tae-Mu
    • The KIPS Transactions:PartC
    • /
    • v.14C no.1 s.111
    • /
    • pp.65-72
    • /
    • 2007
  • The existing RBAC models are not sufficient for managing delegations or separation of roles. Researches have been done on RBDM(Role Based Delegation Model) that deal with delegating role or permission to other users. In this paper, we divide the delegated roles into two groups: periodic and temporary delegation roles. When a role is delegated, a time period is assigned together, which is used to revoke the permission of delegated role automatically. In our model, the role of monotonic delegation by an original user can be revoked at any time in case of malicious use by the delegated user. The contribution of our model is that the malicious use of delegated role can be prohibited and security vulnerability in the role hierarchy due to role delegations can be alleviated. The proposed model, T RBDM(Time out Based RBDM) is analyzed and compared with the conventional models, such as RBDM0, RBDM1 and PBDM. Our model shows an advantage over other models in terms of security robustness.

Extended GTRBAC Model for Access Control Enforcement in Ubiquitous Environments (유비쿼티스 환경의 접근제어를 위한 확장된 GTRBAC 모델)

  • Hwang Yu-Dong;Park Dong-Gue
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.3 s.35
    • /
    • pp.45-54
    • /
    • 2005
  • The existing access control models have the demerits that do not provide the limit function of using resources by time constraint, the restricted inheritance function as a superior role in role hierarchy, the delicate delegation policy and the limit function of using resources by the location information about a user for the access control in ubiquitous environment. This paper proposes an Extended-GTRBAC model is suited to the access control in ubiquitous environment by applying to sub-role concept of GTRBAC model that the application of resources can be restricted by the period and time and PBDM and considering the location information about a user on temporal constraint. The proposal model can restrict the inheritance of permission in role hierarchy by using sub-role, provide the delicate delegation policy such as user-to-user delegation, role to role delegation, multi-level delegation. multi-step delegation, and apply diverse and delicate access control policy which is suited the characteristic of ubiquitous environment by considering the location information about a user on temporal constraint.

  • PDF

Delegation using D-RBAC in Distributed Environments (분산환경에서 도메인-RBAC을 이용한 권한위임)

  • 이상하;채송화;조인준;김동규
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.6
    • /
    • pp.115-125
    • /
    • 2001
  • Authentication and access control are essential requirements for the information security of distributed environment. Delegation is process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services offer safety in distributed environments. A delegation easily provides principal to grant privileges in the single domain with Role-Based Access Control(RBAC). But in the multi-domain, initiators who request delegation may require to limit the access right of their delegates with restrictions that are called delegate restriction to protect the abuse of privilege. In this paper, we propose the delegation view as function of delegation restrictions. Proposed delegation view model not only prevent over-exposure of documents from granting multiple step delegation to document sharing in multi-domain with RBAC infrastructure but also reduce overload of security administrator and communication.

Reliability and Validity of the Korean Version of Nurses' Attitudes and Preparedness towards Delegation (한국어판 간호사의 위임에 대한 태도 및 준비성 측정도구의 타당도와 신뢰도)

  • Kim, Miyoung;Park, Jinhwa;Choi, Miran
    • Journal of Korean Academy of Nursing Administration
    • /
    • v.22 no.1
    • /
    • pp.11-21
    • /
    • 2016
  • Purpose: The purpose of this study was to develop and test the validity and reliability of the Korean version of nurses' attitudes toward delegation and preparedness to delegate (APD). Methods: The Korean version of APD was developed through forward-backward translation methods. Internal consistency reliability, criterion validity, and construct validity using exploratory and confirmatory factor analysis were conducted using IBM SPSS Statistics 19 and AMOS 20.0. Survey data were collected from 161 nurses working in 2 general hospitals. Results: The Korean version of APD showed Cronbach's alphas of .68 and .85. Factor loadings of the 8 attitude items on the 3 subscales ranged from .60 to .86 and the 15 preparedness items on the 4 subscales ranged from .47 to .90. The model of 3 subscales for the Korean nurses' attitude toward delegation and the model of 4 subscales for the Korean nurses' preparedness to delegate were both validated by confirmatory factor analysis(NC<3, CFI>.90, RMSEA<.10). Criterion validity compared to job satisfaction showed significant correlation. Conclusion: The findings of this study demonstrate that this modified Korean version of APD is applicable for measuring Korean nurses' attitude toward delegation and preparedness to delegate.