Towards More Controllable and Practical Delegation

Gang Yin¹, Huaimin Wang¹, Dianxi Shi¹, and Haiya Gu²

¹ Department of Computer Science, National University of Defense Technology, Changsha, China
² Agricultural Bank of China, Hunan Branch, China
jack_nudt@yahoo.com.cn, fayecoolbaby@163.com
Abstract. Delegation is essential to the flexibility and scalability of trust management systems, but unrestricted delegation may result in privilege proliferation and breach the privacy of information systems. The delegation models of existing trust management systems cannot avoid privilege transition and lack effective constraints on delegation propagation, both of which can easily lead to privilege proliferation. In this paper we propose a generalized constrained delegation model (GCDM), which uses typed privileges to control potential privilege transition and restricts the propagation scope of delegation trees through a novel delegation constraint mechanism named spacial constraints. We also design a rule-based trust management language named REAL05 to express the policies and semantics of GCDM. REAL05 supports flexible delegation policies while controlling the potential privilege proliferation in subsequent delegations. Comprehensive samples and simulation results show that our approach is more controllable and practical.
1 Introduction
Trust management (TM) is a promising approach to access control in environments
where entities in different administrative domains want to share resources. Delegation
is the core mechanism for transferring trust and authorization in TM systems, which
greatly improves the flexibility and scalability of distributed access control. However,
delegation may also easily lead to “privilege proliferation” and breach the privacy of
information systems.
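The privilege proliferation this paragraph warns about comes from two transitions that the next paragraph analyses: an entity holding a management-type permission (MTP) granting itself the access it manages, and an entity holding an access-type permission (ATP) re-delegating it. The following Python example is added here and is not the paper's REAL05 implementation. It evaluates a small constructed delegation chain twice, once with privileges as untyped base-atoms and once with a type attached to each privilege, so that both transitions become visible. The owner "orgA", the entities bob, alice, carol and dave, the credential format and the rule that members may read(file1) are constructed for the example, and the two typed checks are a deliberately simplified stand-in for the paper's typed-privilege mechanism, not its actual rules.

```python
from dataclasses import dataclass
from enum import Enum


class PrivType(Enum):
    ATP = "access"       # access-type permission,     e.g. read(file1)
    MTP = "management"   # management-type permission, e.g. isMember(?S, orgA)


@dataclass(frozen=True)
class Statement:
    """One credential of a delegation chain (format constructed for this example)."""
    issuer: str
    subject: str
    privilege: str      # "read(file1)", "isMember(bob, orgA)", "isMember(?S, orgA)"
    delegatable: bool   # may the subject pass the privilege on?


# Constructed policy of the resource owner "orgA": every member may read file1.
MEMBER_GRANTS = {"read(file1)": "isMember({e}, orgA)"}


def ptype_of(privilege):
    """Type a privilege by its predicate, following the paper's two examples."""
    return PrivType.MTP if privilege.startswith("isMember(") else PrivType.ATP


def covers(held_priv, wanted):
    """isMember(?S, orgA) covers isMember(bob, orgA); anything else must match exactly."""
    if "?S" in held_priv:
        head, tail = held_priv.split("?S", 1)
        return (wanted.startswith(head) and wanted.endswith(tail)
                and len(wanted) > len(head) + len(tail))
    return held_priv == wanted


def derive(chain, root, typed):
    """Evaluate a delegation chain whose root is the resource owner.

    Returns (held, rejected). `held` maps (entity, privilege) to the delegation
    flag the entity received; `rejected` lists (statement, reason).
    typed=False: every privilege is an untyped base-atom and may be passed on
    whenever its delegation flag is set.
    typed=True : two extra checks (a simplification written for this example,
    not the GCDM rules) refuse the transitions named in the introduction.
    """
    held, rejected = {}, []

    def close():
        # Owner's rule: members obtain read(file1). Under untyped semantics the
        # derived atom is re-delegable like any other; under typed semantics an
        # access permission is never delegable.
        for (entity, priv), _ in list(held.items()):
            for atp, member_pat in MEMBER_GRANTS.items():
                if priv == member_pat.format(e=entity):
                    held.setdefault((entity, atp), not typed)

    for s in chain:
        if s.issuer == root:
            reason = None                         # the owner is authoritative
        else:
            source = [(p, d) for (e, p), d in held.items()
                      if e == s.issuer and covers(p, s.privilege)]
            if not source:
                reason = "issuer holds no privilege covering it"
            elif typed and ptype_of(source[0][0]) is PrivType.ATP:
                reason = "ATP -> MTP: access permission re-delegated"
            elif typed and s.issuer == s.subject:
                reason = "MTP -> ATP: self-authorization with a management permission"
            elif not any(d for _, d in source):
                reason = "issuer's privilege is not delegatable"
            else:
                reason = None
        if reason:
            rejected.append((s, reason))
            continue
        held[(s.subject, s.privilege)] = s.delegatable
        close()
    return held, rejected


def readers(held, atp="read(file1)"):
    """Entities that end up with the access permission `atp`."""
    return sorted(e for (e, p) in held if p == atp)


# Constructed chain: orgA owns file1 and lets bob manage membership.
CHAIN = [
    Statement("orgA", "bob", "isMember(?S, orgA)", True),     # MTP to bob
    Statement("orgA", "alice", "read(file1)", True),          # ATP to alice
    Statement("bob", "bob", "isMember(bob, orgA)", False),    # bob enrols himself
    Statement("alice", "carol", "read(file1)", False),        # alice re-delegates access
    Statement("bob", "dave", "isMember(dave, orgA)", False),  # ordinary management act
]

if __name__ == "__main__":
    for typed in (False, True):
        held, rejected = derive(CHAIN, "orgA", typed)
        print("typed privileges:", typed, "-> readers of file1:", readers(held))
        for s, why in rejected:
            print("  rejected", s.issuer, "->", s.subject, s.privilege, ":", why)
```

With untyped base-atoms every statement is accepted and four entities can read file1, two of them (bob via self-enrolment, carol via alice's re-delegation) without the owner ever deciding so. With typed privileges the same chain yields only alice and dave as readers, and bob's legitimate management act for dave still goes through, which is the distinction between restricting transitions and forbidding delegation outright.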
One important reason for privilege proliferation in TM systems is the transition between management-type permissions (MTP) and access-type permissions (ATP) during the delegation process. B. S. Firozabadi et al. have pointed out that these two types of privileges are essentially different [3], and use "authority" and "permission" to denote them respectively. In most TM systems, however, delegation of MTP and ATP is expressed by the same sort of policy item, such as the "condition" field in KeyNote [8], the "authorization tag" in SPKI [4], or the "base-atom" in DL [11]. For example, "read(file1)" and "isMember(?S, orgA)" are both base-atoms in DL, used to express an ATP and an MTP respectively. Entities in these systems entitled with an MTP may obtain the corresponding ATP simply by self-authorization; and entities holding an ATP are often allowed to re-delegate the ATP to others, which means they have been