Research on RBAC - based Separation of Duty Constraints
نویسنده
چکیده
Separation of duty (SOD) is an important characteristic in the role-based access control (RBAC) system. In view of some issues such as various variations of SOD constraints (SODs), ambiguous relations among constraint states, this paper formally defines several typical SODs and analyzes the transition relations among different SODs states. In combination with a delegation case, it goes an exploration and discussion on the SODs state transition issues, and proposes some corresponding solutions.
منابع مشابه
Implementing Advanced RBAC Administration Functionality with USE1
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
متن کاملConflict checking of separation of duty constraints in RBAC - implementation experiences
Separation of duty constraints define mutual exclusion relations between two entities (e.g. two permissions). Thus, a software component that supports the definition of separation of duty constraints implicitly requires a means to control their definition and to ensure the consistency of the resulting runtime structures. In this paper, we present our experiences with the implementation of confl...
متن کاملImplementing Advanced RBAC Administration Functionality with USE
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
متن کاملA temporal-logic extension of role-based access control covering dynamic separation of duties
Security policies play an important role in today’s computer systems. We show some severe limitations of the widespread standard role-based access control (RBAC) model, namely that object-based dynamic separation of duty as introduced by Nash and Poland cannot be expressed with it. We suggest to overcome these limitations by extending the RBAC model with an execution history. The natural next s...
متن کاملMutual Exclusion of Roles as aMeans of
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally diierent from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent that MLS system properties have. This paper explores some aspects of mutual exclusion of roles as...
متن کامل