An Auto-delegation Mechanism for Access Control Systems
نویسندگان
چکیده
Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably and unpredictably over time require delegation mechanisms that can respond automatically to the absence of appropriately authorized users. To address this, we propose an auto-delegation mechanism and explore the way in which such a mechanism can be used to provide (i) controlled overriding of policy-based authorization decisions (ii) a novel type of access control mechanism based on subject-object relationships.
منابع مشابه
Decision Theory based Auto-delegation (DTA-d) scheme for Ubiquitous Computing
Access control is a fundamental and essential mechanism to maintain security in ubiquitous computing (UbiComp). Flexibility is an important property for general access control system, which can be achieved by access or authority delegation. Existing delegation mechanisms are "subject-centered", thus in order to make sure that the unavailability of some users does not prevent the syste...
متن کاملRisk-Based Auto-delegation for Probabilistic Availability
Dynamic and evolving systems might require flexible access control mechanisms, in order to make sure that the unavailability of some users does not prevent the system to be functional, in particular for emergency-prone environments, such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and “bre...
متن کاملOn the Security of Delegation in Access Control Systems
Delegation is a mechanism that allows a user A to act on another user B’s behalf by making B’s access rights available to A. It is well recognized as an important mechanism to provide resiliency and flexibility in access control systems, and has gained popularity in the research community. However, most existing literature focuses on modeling and managing delegations. Little work has been done ...
متن کاملUne Approche Dynamique pour la Gestion des Politiques de Délégation dans les Systèmes de Contrôle d´Accès
Task delegation is a mechanism that supports organisational flexibility in the humancentric workflow systems, and ensures delegation of authority in access control systems. In this paper, we define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them...
متن کاملTask Delegation Based Access Control Models for Workflow Systems
e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined st...
متن کامل