Monotonic and Non-monotonic Context Delegation

Mouiad Al-Wahah, Csilla Farkas

Abstract

Delegating access privileges is a common practice of access control mechanisms. Delegation is usually used for distributing responsibilities of task management among entities. Delegation comes in two forms, GRANT and TRANSFER. In GRANT delegation, a successful delegation operation allows delegated privileges to be available to both the delegator and delegatee. In TRANSFER delegation, delegated privileges are no longer available to the delegator. Although several delegation approaches have been proposed, current models do not consider the issue of context delegation in context-based access control policies. We present two ontology-based context delegation approaches. Monotonic context delegation, which adopts GRANT version of delegation, and non-monotonic for TRANSFER version of delegation. The approach presented here provides a dynamic and adaptive privilege delegation for access control policies. We employ Description logic (DL) and Logic Programming (LP) technologies for modeling contexts, delegation and CBAC privileges. We have designed three lightweight Web Ontology Language (OWL) ontologies, CTX, CBAC, and DEL, for context, Context-Based Access Control (CBAC), and delegation, respectively. We show that semantic-based techniques can be used to support adaptive and dynamic context delegation for CBAC policies. We provide the formal framework of the approaches and show that they are sound, consistent and preserve least-privilege principle.

Download


Paper Citation


in Harvard Style

Al-Wahah M. and Farkas C. (2019). Monotonic and Non-monotonic Context Delegation.In Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-359-9, pages 449-460. DOI: 10.5220/0007400904490460


in Bibtex Style

@conference{icissp19,
author={Mouiad Al-Wahah and Csilla Farkas},
title={Monotonic and Non-monotonic Context Delegation},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2019},
pages={449-460},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007400904490460},
isbn={978-989-758-359-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Monotonic and Non-monotonic Context Delegation
SN - 978-989-758-359-9
AU - Al-Wahah M.
AU - Farkas C.
PY - 2019
SP - 449
EP - 460
DO - 10.5220/0007400904490460