
Classification and formulation of Role-based Separation of Duty Constraints


Affiliations
1 Department of Computer Science, School of Mathematics, University of Tehran, Tehran, Iran, Islamic Republic of
2 AICTC Research Center, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran, Islamic Republic of
 

Separation of Duty (SOD) is a fundamental principle in security systems and has a long history in computer security research. It is also an important characteristic of Role-Based Access Control (RBAC) systems. Different researchers have pointed out various categories of this principle for the RBAC environment, but these have been neither classified nor formulated. Besides classifying and formulating all previously introduced types of SOD in the role-based environment, this paper presents and formally defines new types of role-based SOD.

Keywords

Separation of Duty (SOD), Role-based Access Control (RBAC)



Authors

Marzieh Esna-Ashari
Department of Computer Science, School of Mathematics, University of Tehran, Tehran, Iran, Islamic Republic of
Hamid R. Rabiee
AICTC Research Center, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran, Islamic Republic of






DOI: https://doi.org/10.17485/ijst%2F2010%2Fv3i6%2F29772