Fine-grained role graph model

Posted on: 2010-11-11; Degree: Ph.D; Type: Thesis
University: The University of Western Ontario (Canada); Candidate: Wang, He; Full Text: PDF
GTID: 2448390002980512; Subject: Computer Science
Abstract/Summary:
Role-based access control (RBAC) is a well-known access control model. Three major RBAC models have been introduced: the RBAC96/97/99/02 model, the NIST RBAC model and the Role Graph Model. Since the Role Graph Model is based on graph theory, it has unique features and advantages. A decentralized administrative model, called the Administrative Role Graph Model (ARGM), was introduced in my Master's thesis. The integration of Discretionary Access Control models and the Administrative Role Graph Model is studied. The ARGM is extended to support static and dynamic delegation. Constraints are also studied. All of these make the Role Graph Model into a fine-grained access control model.

RBAC is policy neutral and can simulate Discretionary Access Control (DAC) if configured properly. Previous research examining the mapping of DAC models to RBAC has considered neither ownership nor further granting of privileges. These problems are explored in the context of a relational database environment to build the solution for mapping DAC to the ARGM. Features of operating system environments as examples of DAC systems are also studied. The purpose of this research is to determine if the ARGM has sufficient features to accomplish this mapping. The other purpose is to study whether the grant operation in relational databases should be modeled as administration or as delegation. The result shows that the ARGM can simulate both ownership and granting, without requiring a delegation model.

Delegation has received a lot of attention in the literature recently. Based on our decentralized administrative role graph model, a solution to support delegation with less modification of the ARGM was sought. A combination of user/group assignment and user-role assignment to support user-to-user, permission-to-user and role-to-role delegation is developed. A powerful source-dependent revocation algorithm is found and described.

Since delegation happens at run time, it is very important to study delegation at run time, which has not been done in detail before. The delegation model needs to be separated into a static model and a dynamic model. A static delegation model and its operations are defined and discussed together with a detailed partial revocation operation and algorithms. Details concerning the changes of role hierarchy, user/group structure and RBAC operations relating to delegation are also examined.

A dynamic delegation model for a run time environment based on a role-based approach is presented. This model introduces sessions, dynamic role activation and the relationship among sessions. Dynamic delegation in cooperation with sessions, called session-oriented delegation, is introduced. A powerful edge labelling method is used to present sessions and delegation in the role graph model.

In an enterprise environment, companies need to cooperate with other companies. This requires an access model to support administration and delegation that cross the boundaries of the companies. The model is extended further to support this feature. This is called the cross domain delegation model. Constraints are studied for static, dynamic and cross domain delegation. A reference monitor is designed to enforce fine-grained role-based access control and delegation.

In order to present the work precisely, Z notation is used to define the Role Graph Model and to make some corrections to previous works from colleagues. Z notation for the ARGM, the mapping of DAC to ARGM, static delegation, dynamic delegation and cross domain delegation are also provided.

In order to test the correctness of the new model, a demonstration implementation in Java was carried out. The experiment shows the model is correct.
Keywords/Search Tags:Model, Access control, RBAC, Delegation, ARGM, DAC, Fine-grained