Integrating Delegation with the Formal Core RBAC Model

Abdallah, Ali E. and Takabi, Hassan (2008) Integrating Delegation with the Formal Core RBAC Model. In: Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference. IEEE Conference Publications, pp. 33-36. ISBN 978-0-7695-3324-7

Full text not available from this repository.


Role-based access control (RBAC) models are a powerful tool for describing and managing authorization, particularly in large organizations. The benefits of using formal methods to describe RBAC models in a clear, consistent and rigorous manner have been recognized. Notable exemplars that have been formulated in the formal specification notation Z include NIST's reference RBAC model and the minimalist Core RBAC model. These models, however, do not support delegation, an important authorization feature which is often deployed in real access control systems. In RBAC, delegation empowers a user in a certain role to authorize another user to perform the tasks permissible to that role. This paper aims at integrating a version of role delegation, known as grant independent delegation, with the Core RBAC model. The paper introduces a state-based model in which grant independent delegation and revocation operations are formally specified in Z. Integration with the Core RBAC model is achieved by simply combining the two models using the standard Z schema conjunction operator.

Item Type: Book Section
Identification Number:
Uncontrolled Keywords: Z schema conjunction operator, role-based access control model, authorization, formal method, formal specification notation, NIST reference RBAC model, minimalist core RBAC model, role delegation, grant independent delegation, revocation operation, Access control, Computational modeling, Monitoring, Security, Organizations, Authorization, Formal specifications
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Oana-Andreea Dumitrascu
Date Deposited: 06 Apr 2017 14:49
Last Modified: 22 Mar 2023 12:02
