On the Security of Delegation in Access Control Systems

13 years 7 months ago
On the Security of Delegation in Access Control Systems
Delegation is a mechanism that allows a user A to act on another user B's behalf by making B's access rights available to A. It is well recognized as an important mechanism to provide resiliency and flexibility in access control systems, and has gained popularity in the research community. However, most existing literature focuses on modeling and managing delegations. Little work has been done on understanding the impact of delegation on the security of existing access control systems. In particular, no formal notion of security with respect to delegation has been proposed. Many existing access control systems are designed without having delegation in mind. Simply incorporating a delegation module into those systems may cause security breaches. This paper focuses on the security aspect of delegation in access control systems. We first give examples on how colluding users may abuse the delegation support of access control systems to circumvent security policies, such as separa...
Qihua Wang, Ninghui Li, Hong Chen
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Authors Qihua Wang, Ninghui Li, Hong Chen
Comments (0)