An Auto-Delegation Mechanism for Access Control Systems

Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Delegation is important as it permits controlled overriding of the authorization policy, thereby providing greater flexibility in dealing with exceptional circumstances. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably and unpredictably over time require delegation mechanisms that can respond automatically to the absence of appropriately authorized users. To address this, we propose an auto-delegation mechanism and explore the way in which such a mechanism can be used to provide (i) controlled overriding of policy-based authorization decisions and (ii) a novel type of access control mechanism based on subject-object relationships.

From 19/01/2011-15.00 to 19/01/2011-15.00, Aula didattica dello IIT (Aula A32)

Speaker: Charles Morisset

Responsible: Fabio Martinelli

Note: Charles Morisset is a postdoc with research interests in access control systems and formal aspects of security. Prior to joining the security group, he was a postdoc at the Information Security Group, Royal Holloway, University of London, working on risk-based and flexible access control systems with Jason Crampton. Before London, he was a postdoc at the International Institute for Software Technology, in Macau, China, working with Zhiming Liu on the development of a formal component-based language and its integration within a UML tool. He obtained his PhD from the Université UPMC - Paris 6, under the supervision of Mathieu Jaume and Thérèse Hardin, by defining a formal framework for the definition of access control systems.