Framework for Role-Based Delegation Models (RBDMs)


Page 1: Framework for Role-Based Delegation Models (RBDMs)

Framework for Role-Based Delegation Models (RBDMs)

By: Ezedin S. Barka and Ravi Sandhu

Laboratory of Information Security Technology, George Mason University

{e.barka, sandhu}@isse.gmu.edu

www.list.gmu.edu

Page 2

Introduction

• What is delegation?

• Forms of delegation

• Our focus

• RBAC96 is the base for our work

Page 3

What is delegation?

• An active entity in a system delegates authority to another active entity to carry out some function on behalf of the former

• Active entities:

  – Human being

  – Computer

  – Software agent

  – Process

  – etc.

Page 4

Forms of delegation

• Human to human

• Human to machine

• Machine to machine

• Perhaps even machine to human

Page 5

Human-to-human role-based delegation

• A user who is a member of a role delegates his/her role to another user who belongs to some other role.

Page 6

The RBAC96 Model

[Figure 1-a: Simplified version of the RBAC96 model. Boxes: Users (U), Roles (R), Permissions (P), Constraints. Relations: User Assignment (UA) between Users and Roles, Permission Assignment (PA) between Roles and Permissions, Role Hierarchy (RH) on Roles.]

Page 7

Example of role hierarchy

[Figure: example role hierarchy. Project Lead at the top, Production Engineer and Quality Engineer beneath it, Engineering at the bottom. Stated relations: Project Lead > Quality Engineer; Quality Engineer > Engineering.]

Page 8

The RBDM Framework

• Identified a number of characteristics related to delegation between humans:

  – Permanence

  – Monotonicity

  – Administration

  – Levels of delegation

  – Multiple delegation

  – Bilateral agreements

  – Revocation

Page 9

Permanence

• Whether or not the delegating role member loses membership in the delegating role.

  – Permanent: the delegating user is permanently replaced by the delegate user

    • Delegating user can't get the role back

    • Delegate member assumes full power in the role

  – Temporary: expires with time or by revocation

    • Delegating user maintains responsibility over the behavior of the delegate user in the delegated role

Page 10

Monotonicity

• Whether or not the delegating role member loses the power in the delegating role.

  – Monotonic: upon delegation, the delegating user maintains his power in that role

    • Can override any action by the delegate user

  – Non-monotonic: during delegation, the delegating user loses his power in the delegated role

    • Never loses the revoking permissions

    • Regains full power upon delegation expiration

Page 11

Totality

• Size of the delegated permission in a role

  – Total: delegating all the permissions assigned to the role

  – Partial: delegating only a subset of the role

    • Easier to address in hierarchical roles

Page 12

Administration

• Who administers the delegation

  – Self-administered

    • The delegating user carries out the actual delegation process

  – Agent-based

    • A third party conducts the actual delegation

    • Needed when the delegating user is not available

Page 13

Levels of delegation

• How many times can the role be further delegated

  – Single-step delegation

    • The role can be delegated only once

  – Multi-step delegation

    • The delegated role is further delegated

    • Adds a lot of complexity

Page 14

Multiple delegation

• Number of people to whom a delegating role member can delegate at any given time.

  – To a single person

    • Role is delegated to only one person at a time

  – To multiple people simultaneously

    • Role is delegated to more than one person at a time

    • Introduces accountability issues

Page 15

Bilateral agreements

• Both parties have to agree on the delegation

Page 16

Revocation

The process by which a delegating user takes away the privileges delegated to another user

  – Cascading revocation

    • Usually a concern in the case of two-step delegation

  – Grant-dependency revocation

• Who can revoke

  – Only the delegating user can revoke

  – Any member of the delegating role can revoke
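As an added illustration (not code from the paper, which gives no implementation), a small Python model of the Monotonicity and Revocation characteristics above: the monotonic flag decides whether a delegator keeps the role's power while a grant is active, the revoking permission stays with the grantor regardless, and revocation can be grant-dependent or grant-independent and cascading or not over multi-step delegations. The `RBDM` and `Grant` names, and all user and role names, are constructed for this example.

```python
from dataclasses import dataclass
@dataclass
class Grant:                      # one delegation record (constructed; not the paper's notation)
    delegator: str
    delegate: str
    role: str
    active: bool = True

class RBDM:
    def __init__(self, monotonic=True, multi_step=False):
        self.ua = {}              # role -> original members (RBAC96 User Assignment)
        self.grants = []          # delegation records, in grant order
        self.monotonic, self.multi_step = monotonic, multi_step

    def assign(self, user, role):
        self.ua.setdefault(role, set()).add(user)

    def active_grants(self, role):
        return [g for g in self.grants if g.active and g.role == role]

    def members(self, role):          # users who currently hold the role's permissions
        grants = self.active_grants(role)
        held = {g.delegate for g in grants} | self.ua.get(role, set())
        if not self.monotonic:        # non-monotonic: a user who has delegated the role out
            held -= {g.delegator for g in grants}   # loses its power until that grant ends
        return held

    def delegate(self, delegator, delegate, role):
        if delegator not in self.members(role):
            raise PermissionError(f"{delegator} does not hold {role}")
        if not self.multi_step and delegator not in self.ua.get(role, set()):
            raise PermissionError("single-step: a delegate may not re-delegate")
        self.grants.append(Grant(delegator, delegate, role))

    def revoke(self, revoker, delegate, role, grant_dependent=True, cascade=True):
        # grant-dependent: only the grantor may revoke (a power kept even under non-monotonic
        # delegation); grant-independent: any original member of the role may revoke
        targets = [g for g in self.active_grants(role) if g.delegate == delegate]
        for g in targets:
            ok = g.delegator == revoker if grant_dependent else revoker in self.ua.get(role, set())
            if not ok:
                raise PermissionError(f"{revoker} may not revoke {role} from {delegate}")
        return sum(self._revoke_grant(g, cascade) for g in targets)   # number of grants removed

    def _revoke_grant(self, g, cascade):
        g.active, removed = False, 1
        if cascade:   # cascading revocation: grants the revoked delegate passed on go too
            for child in [c for c in self.active_grants(g.role) if c.delegator == g.delegate]:
                removed += self._revoke_grant(child, True)
        return removed
```

With `monotonic=False` the delegator disappears from `members()` while the grant is active yet can still call `revoke()`, which is exactly the "never loses the revoking permissions" rule; a cascading revoke of a two-step chain removes both grants and returns 2.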

Page 17

Delegation

[Figure 2: Tree structure showing the partitioning process. Root: Delegation, split into Permanent and Temporary. The lower levels carry the labels Monotonic / Non-monotonic, Single step / Multi-step, Self / Agent, Total / Partial, G.D. revocation / G.Ind. revocation, Cascading R. and Multi-delegation; some branches are marked "Not useful", "eliminated" or "Others not relevant", and the surviving branch is labelled "(Comprehensive Model)".]

* G.D. revocation means grant-dependent revocation
* G.Ind. revocation means grant-independent revocation
* Cascading R. means cascading revocation

Page 18

Models in this framework

• Permanent delegation

  – RBDM-PD, work in progress

• Temporary delegation

  – Self-administered

    • RBDM-FR, NISSC 2000

    • RBDM-HR, NISSC 2000

  – Agent-based

    • ABEDM, work in progress

Page 19

Conclusion

• Identified a number of characteristics related to delegation

• Used a systematic approach to reduce the large number of possibilities to some useful cases

• Used the reduced cases to build delegation models

Page 20

Questions?