Integrating Delegation with the Formal Core RBAC Model

Abstract

Role-based access control (RBAC) models are a powerful tool for describing and managing authorization, particularly, in large organizations. The benefits of using formal methods to describe RBAC models in a clear, consistent and rigorous manner have been recognized. Notable exemplars, that have been formulated in the formal specification notation Z, include NIST's reference RBAC model and the minimalist Core RBAC model. These models, however, do not support delegation, an important authorization feature which is often deployed in real access control systems. In RBAC, delegation empowers a user in a certain role to authorize another user to perform the tasks permissible to that role. This paper aims at integrating a version of role delegation, known as grant independent delegation, with the Core RBAC model. The paper introduces a state based model in which grant independent delegation and revocation operations are formally specified in Z. Integration with the Core RBAC model is achieved by simply combining the two models using the standard Z schema conjunction operator.