ABSTRACT

Role-based access control (RBAC) has been recognized as an efficient access control model for secure computer systems. Meanwhile, centralized administration has received a lot of attention because it offers a simple and strong control mechanism for access control. However, when the number of objects and subjects is very large, it is very hard for a single authority to know what controls are appropriate for every object and subject. Delegation of authority can therefore be delayed or become uncontrollable, so that it is not suitable for real-time systems. In this paper, we propose a dynamic delegation strategy in a role-based delegation model for flexible and automatic management. To realize the delegation mechanism, we provide an efficient method for the separation-of-duty rule and privilege distribution. It thus prevents a user acting alone from compromising the security of the data processing system, and it also minimizes frequent granting operations and the overburdening of certain users in continuous work.