inherently entitled with the corresponding MTP, and may lead to faster proliferation of privileges. This kind of privilege model also makes it inefficient to specify policies of more “pure” delegation of MTP or ATP, such as security administration policies in decentralized authorization and delegation of access capabilities in proxy-based authentication systems [2, 6, 17].
The other reason for privilege proliferation in TM systems is inefficient control over privilege propagation. Two typical constraints on delegation in existing TM systems are boolean control and integer control. Boolean control offers two policies: no further delegation or unrestricted delegation. SPKI [4] and RT [12] support this kind of constraint. DL [11] supports integer control over delegation depth. Integer control provides more flexibility than boolean control, but it assumes that trust relationships are transitive within the upper bound of delegation depth, which is too optimistic and may lead to undesired propagation of privileges. DL also supports constraints on delegation width, but it has to use a temporary key to sign the assistant policies in order to enforce such a constraint.
In this paper, we propose a more controllable and practical delegation model named GCDM (Generalized Constrained Delegation Model) to restrict the potential proliferation of privileges during delegation while keeping the inherent strengths of delegation policies. GCDM uses typed privileges to control potential privilege transition, and restricts the propagation scope of delegation trees by a novel delegation constraint structure named spacial constraint. A rule-based policy language is also introduced to specify the core policies and semantic rules for GCDM. The rest of this paper is organized as follows. Section 2 defines the main components of GCDM, including a basic model, typed privileges and typed delegations, the spacial constraint model and its control granularity. In Section 3, we describe the syntax and semantics of a rule-based specification language designed for GCDM. Implementation issues and simulation results are discussed in Section 4. Section 5 gives further discussion of related work, and Section 6 concludes this paper.
2 Generalized Constrained Delegation
In this section, we first define the basic and generalized part of our model. Then we extend its privilege model and constraint model to support more controllable and practical delegation and authorization policies.
2.1 Basic Model
The basic idea of delegation is that one entity delegates its privilege to another entity
to perform functions controlled by the privilege on behalf of the former. The core
components of GCDM are defined as follows.
Definition 1 (Authorization System). An authorization system (AS) is a 5-tuple whose first three components E, P and F are the sets of all entities, privileges and functions in the system respectively, and whose last two components are relations, the first a subset of E × P and the second a subset of P × F. Given e in E, p in P and f in F, the first relation holds between e and p when e is entitled with p, and the second holds between p and f when p controls f; e can perform the function f iff there exists a p in P such that e is entitled with p and p controls f.
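As an added example that is not part of the paper, the following Python sketch implements the entitlement and control relations of Definition 1 together with the boolean (no further delegation / unrestricted) and integer (bounded depth) delegation controls described in the introduction; the entity, privilege and function names are constructed for illustration, and the scenario shows how integer control lets a privilege reach an entity the original holder never vetted.

```python
class AuthorizationSystem:
    """Minimal AS of Definition 1 plus per-holder delegation-depth control (added example)."""

    def __init__(self, entities, privileges, functions):
        self.E, self.P, self.F = set(entities), set(privileges), set(functions)
        self.entitled = set()   # pairs (e, p): e is entitled with p, subset of E x P
        self.controls = set()   # pairs (p, f): p controls f, subset of P x F
        # (e, p) -> hops e may still delegate p: 0 = no further delegation,
        # n > 0 = integer control on depth, None = unrestricted delegation
        self.depth = {}

    def grant(self, e, p, depth=None):
        # Direct (non-delegated) entitlement with the holder's delegation constraint.
        if e not in self.E or p not in self.P:
            raise ValueError("unknown entity or privilege")
        self.entitled.add((e, p))
        self.depth[(e, p)] = depth

    def control(self, p, f):
        if p not in self.P or f not in self.F:
            raise ValueError("unknown privilege or function")
        self.controls.add((p, f))

    def can_perform(self, e, f):
        # e can perform f iff some p exists with e entitled with p and p controlling f.
        return any((e, p) in self.entitled and (p, f) in self.controls for p in self.P)

    def delegate(self, src, dst, p, depth=None):
        # Delegate p from src to dst; dst never gets more hops than src has left.
        if (src, p) not in self.entitled:
            raise PermissionError(f"{src} does not hold {p}")
        left = self.depth[(src, p)]
        if left == 0:
            raise PermissionError(f"{src} may not delegate {p} further")
        if left is not None and (depth is None or depth > left - 1):
            depth = left - 1
        if (dst, p) in self.entitled:   # keep the more permissive existing bound
            old = self.depth[(dst, p)]
            depth = None if None in (old, depth) else max(old, depth)
        self.entitled.add((dst, p))
        self.depth[(dst, p)] = depth
        return depth

def demo():
    # Constructed scenario: alice holds 'read' under integer control with depth 2,
    # so it propagates alice -> bob -> carol, and a third hop to dave is blocked.
    s = AuthorizationSystem({"alice", "bob", "carol", "dave"}, {"read"}, {"open_file"})
    s.control("read", "open_file")
    s.grant("alice", "read", depth=2)
    s.delegate("alice", "bob", "read")     # bob may delegate once more (depth 1)
    s.delegate("bob", "carol", "read")     # carol holds read but cannot delegate (depth 0)
    try:
        s.delegate("carol", "dave", "read")
        blocked = False
    except PermissionError:
        blocked = True
    return s, blocked
```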