Abstract
Efforts towards incorporating user-to-user delegation into Attribute-Based Access Control (ABAC) is an emerging new direction in ABAC research. A number of potential strategies for integrating delegation have been proposed in recent literature but few have been realized as full ABAC delegation models. This work formalizes one such strategy, entitled User-To-User Attribute Delegation, into a working delegation model by extending the Hierarchical Group and Attribute-Based Access Control (HGABAC) model to support dynamic and “off-line” attribute delegation. A framework to support the proposed delegation model is also presented and gives implementation details including an updated Attribute Certificate format and service protocol based on the Hierarchical Group Attribute Architecture (HGAA).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Anderson, A., Nadalin, A., Parducci, B., et al.: eXtensible Access Control Markup Language (XACML) Version 1.0. OASIS (2003)
Crampton, J., Khambhammettu, H.: Delegation in role-based access control. Int. J. Inf. Secur. 7(2), 123–136 (2008)
Rostad, L., Edsberg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs. In: 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 175–186. IEEE (2006)
Sabahein, K., Reithel, B., Wang, F.: Incorporating delegation into ABAC: healthcare information system use case. In: Proceedings of the International Conference on Security and Management (SAM), pp. 291–297 (2018)
Servos, D., Osborn, S.L.: HGABAC: towards a formal model of hierarchical attribute-based access control. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 187–204. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17040-4_12
Servos, D., Osborn, S.L.: Strategies for incorporating delegation into Attribute-Based Access Control (ABAC). In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds.) FPS 2016. LNCS, vol. 10128, pp. 320–328. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-51966-1_21
Servos, D., Osborn, S.L.: Current research and open problems in attribute-based access control. ACM Comput. Surv. (CSUR) 49(4), 65 (2017)
Servos, D., Osborn, S.L.: HGAA: an architecture to support hierarchical group and attribute-based access control. In: Proceedings of the Third ACM Workshop on Attribute-Based Access Control, pp. 1–12 (2018)
Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 45–55 (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Low Level Certificate Chain Diagram
B Low Level Extended Attribute Certificate Diagram
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Servos, D., Bauer, M. (2020). Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control. In: Benzekri, A., Barbeau, M., Gong, G., Laborde, R., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2019. Lecture Notes in Computer Science(), vol 12056. Springer, Cham. https://doi.org/10.1007/978-3-030-45371-8_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-45371-8_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45370-1
Online ISBN: 978-3-030-45371-8
eBook Packages: Computer ScienceComputer Science (R0)