Enable delegation for RBAC with secure authorization certificate

Abstract

Our motivation in this paper is to explore a Secure Delegation Scheme that could keep access control information hidden through network transmission. This approach introduces the quasirandom structure, 3-Uniform Hypergraph, as the representation structure for authorization information. It generates a Secure Authorization Certificate (SAC) in place of an Attribute Certificate (AC) to enable both Role-based Access Control (RBAC) and a delegation process for hiding authorization information. We have two contributions in this regard: (1) a value-based delegation scheme and (2) a pattern-based RBAC. A Secure Delegation Scheme is based on the hashing values generated with the quasirandom structure. With this scheme, the delegation process will greatly reduce the risk of sensitive authorization information leakage for applications. In the case of pattern-based access, we introduce a new hash function using quasirandom structure to make a fingerprint(1) for RBAC. The quasirandom structure derived from k-Uniform Hypergraph has measurable uniformity, which is an advantage over traditional hash functions. Another advantage is that it does not need to access the entire message context to generate the fingerprint which is essential for traditional hash functions such as MD5, SHA-1, etc. (C) 2011 Elsevier Ltd. All rights reserved.