Exploring user-to-role delegation in role-based access control
Publisher
University of Ottawa (Canada)
Abstract
Mechanisms must be provided to protect resources from attackers when users request access to resources in network environments. In Role-Based Access Control (RBAC), access decisions are based on the roles that individual users hold as members of a system. RBAC supports role hierarchies, in which a senior role inherits the permissions of a junior role. To allow a junior role to perform one or more tasks of a senior role, various delegation models have been proposed in the literature, including Role-Based Access Control Model (RBAC96), Role-Based Delegation Model (RBDM0), Attribute-Based Delegation Model (ABDM), Role-Based Delegation Model 2000 (RDM2000) and Permission-Based Delegation Model (PBDM).
The main contribution of this thesis is a flexible conceptual delegation model called User-to-Role Delegation Model (URDM), which is based on RDM2000. URDM supports role hierarchy, single-step delegation and simultaneous delegation by introducing a new delegation relation. Four situations are addressed when URDM is involved. We also implement a web application named University Delegation Management System (UDMS) for URDM.
At the end of the thesis, we make some generalizations to the area of role-based delegation in access control and present directions for future research.
Source: Masters Abstracts International, Volume: 45-05, page: 2530.
