
A Discretionary Delegation Framework for Access Control Systems

  • Conference paper
  • On the Move to Meaningful Internet Systems: OTM 2016 Conferences (OTM 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10033)

Abstract

Provision for delegation of access privileges gives access control systems flexibility and context-awareness. Delegation was not a concern of classical computer security, but as IT systems became more distributed and complex it turned into a necessary access-control feature, and much effort has since gone into extending conventional access control models with delegation capability. Many of these efforts have centred on the well-known Role-Based Access Control (RBAC) model, mainly for compatibility reasons, since RBAC was already regarded as the de facto industry standard before the need for delegation arose in enterprise information systems. Delegation, however, is arguably discretionary in nature rather than role-based, especially in healthcare informatics, which is the application domain of our proposed delegation framework. In this paper we present a discretionary framework for delegating access rights from a delegator to a delegatee by implementing a delegation token, and the stages of its life cycle, in tamper-resistant devices including smartcards. The framework is designed and implemented on our eTRON cybersecurity architecture, which advocates the use of public-key cryptographic protocols for secure entity authentication, data integrity and data confidentiality.
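The abstract describes the mechanism only at the level of a delegation token passing through the stages of its life cycle under public-key protection. The following Go program is an added illustration, not code from the paper or from the eTRON client library, of what such a life cycle looks like as a minimal signed-token protocol: the delegator signs a token naming the delegatee key, the delegated rights and an expiry; the resource verifies the delegator's signature, checks that the delegator actually holds every right it passed on, demands a proof of possession of the delegatee key over a fresh challenge, and consults a revocation list keyed by the token nonce. The token format, the field names, the choice of Ed25519, the `Owned` rights table and the physician/nurse scenario are all assumptions made for this example; the paper places these stages inside tamper-resistant devices, whereas this runs as ordinary software.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// DelegationToken is a hypothetical format (not eTRON's): the delegator signs a statement that
// Delegatee may use Rights until NotAfter (Unix seconds); Nonce lets a revocation name the token.
type DelegationToken struct {
	Delegator, Delegatee ed25519.PublicKey
	Rights               []string
	NotAfter             int64
	Nonce                [16]byte
	Sig                  []byte
}

// canonical is the signed byte string; length-prefixing every field keeps distinct tokens from colliding.
func (t *DelegationToken) canonical() []byte {
	var b []byte
	put := func(p []byte) {
		b = append(binary.BigEndian.AppendUint32(b, uint32(len(p))), p...)
	}
	put(t.Delegator)
	put(t.Delegatee)
	for _, r := range t.Rights {
		put([]byte(r))
	}
	put(binary.BigEndian.AppendUint64(nil, uint64(t.NotAfter)))
	put(t.Nonce[:])
	return b
}

// Issue is the delegator-side stage of the life cycle: mint and sign a token.
func Issue(priv ed25519.PrivateKey, delegatee ed25519.PublicKey, rights []string, notAfter int64) (*DelegationToken, error) {
	t := &DelegationToken{Delegator: priv.Public().(ed25519.PublicKey), Delegatee: delegatee, Rights: rights, NotAfter: notAfter}
	if _, err := rand.Read(t.Nonce[:]); err != nil {
		return nil, err
	}
	t.Sig = ed25519.Sign(priv, t.canonical())
	return t, nil
}

// Verifier is the resource side: Owned maps a raw public key to the rights it holds directly, Revoked lists withdrawn nonces.
type Verifier struct {
	Owned   map[string]map[string]bool
	Revoked map[[16]byte]bool
}

// Authorize is the exercise stage. The delegatee presents the token plus a signature over
// a verifier-chosen challenge (fresh per request) to prove it holds the Delegatee key, and
// a delegator can never pass on a right it does not itself hold.
func (v *Verifier) Authorize(t *DelegationToken, right string, now int64, challenge, proof []byte) error {
	switch {
	case !ed25519.Verify(t.Delegator, t.canonical(), t.Sig):
		return errors.New("token signature invalid")
	case now > t.NotAfter:
		return errors.New("token expired")
	case v.Revoked[t.Nonce]:
		return errors.New("token revoked")
	case !ed25519.Verify(t.Delegatee, challenge, proof):
		return errors.New("delegatee proof of possession invalid")
	}
	granted := false
	for _, r := range t.Rights {
		if !v.Owned[string(t.Delegator)][r] {
			return fmt.Errorf("delegator does not hold %q", r)
		}
		granted = granted || r == right
	}
	if !granted {
		return fmt.Errorf("right %q not delegated", right)
	}
	return nil
}

// Demo walks the life cycle with constructed keys (a physician holding read and write delegates only "read" to a nurse).
func Demo() (readOK, writeDenied, tampered, afterRevoke error) {
	_, docPriv, _ := ed25519.GenerateKey(rand.Reader)
	nursePub, nursePriv, _ := ed25519.GenerateKey(rand.Reader)
	tok, _ := Issue(docPriv, nursePub, []string{"read"}, 1700000000)
	v := &Verifier{Owned: map[string]map[string]bool{string(tok.Delegator): {"read": true, "write": true}}, Revoked: map[[16]byte]bool{}}
	challenge := []byte("constructed challenge; random and single-use in practice")
	proof := ed25519.Sign(nursePriv, challenge)
	readOK = v.Authorize(tok, "read", 1699999000, challenge, proof)
	writeDenied = v.Authorize(tok, "write", 1699999000, challenge, proof)
	forged := *tok // the nurse widens Rights after issue, so the signature no longer matches
	forged.Rights = []string{"read", "write"}
	tampered = v.Authorize(&forged, "write", 1699999000, challenge, proof)
	v.Revoked[tok.Nonce] = true // withdrawal stage: the delegator revokes the token
	afterRevoke = v.Authorize(tok, "read", 1699999000, challenge, proof)
	return
}

func main() { fmt.Println(Demo()) }
```

Running the program prints the outcome of the four checks: the delegated read is authorized, while the never-delegated write, the token with widened rights (whose signature no longer verifies) and the revoked token are each rejected with a distinct error. Two points are deliberately left to the deployment: the challenge must be random and single-use, otherwise a captured proof of possession can be replayed, and revocations have to reach every verifier that will see the token.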

Author information

Corresponding author

Correspondence to M. Fahim Ferdous Khan.

Appendix

The following shows the API command specification for eopn_ses (cited from the eTRON client library).

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Khan, M.F.F., Sakamura, K. (2016). A Discretionary Delegation Framework for Access Control Systems. In: Debruyne, C., et al. On the Move to Meaningful Internet Systems: OTM 2016 Conferences. OTM 2016. Lecture Notes in Computer Science, vol 10033. Springer, Cham. https://doi.org/10.1007/978-3-319-48472-3_54

  • DOI: https://doi.org/10.1007/978-3-319-48472-3_54

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48471-6

  • Online ISBN: 978-3-319-48472-3
