Delegation Management Modeling in a Security Policy based Environment

TL;DR

This paper presents a formal, generic model for managing delegation processes within security policy environments, covering initiation, verification, and revocation to enhance network security and collaboration.

Contribution

It introduces a novel formal modeling framework for delegation in security policies, detailing the entire delegation lifecycle with new specific features.

Findings

A comprehensive formal model for delegation in security policies.

Extension of delegation steps with new specific characteristics.

Framework supports secure and efficient delegation management.

Abstract

Security Policies (SP) constitute the core of communication networks protection infrastructures. It offers a set of rules allowing differentiating between legitimate actions and prohibited ones and consequently, associates each entity in the network with a set of permissions and privileges. Moreover, in today's technological society and to allow applications perpetuity, communication networks must support the collaboration between entities to face up any unavailability or flinching. This collaboration must be governed by security mechanisms according to the established permissions and privileges. Delegation is a common practice that is used to simplify the sharing of responsibilities and privileges. The delegation process in a SP environment can be implanted through the use of adequate formalisms and modeling. The main contribution of this paper is then, the proposition of a generic and formal modeling of delegation process. This modeling is based on three steps composing the delegation life cycle: negotiation used for delegation initiation, verification of the SP respect while delegating and revocation of an established delegation. Hence, we propose to deal with each step according to the main delegation characteristics and extend them by some new specificities.