Conflict checking of separation of duty constraints in RBAC - implementation experiences
Author
Abstract
Separation of duty constraints define mutual exclusion relations between two entities (e.g. two permissions). Thus, a software component that supports the definition of separation of duty constraints implicitly requires a means to control their definition and to ensure the consistency of the resulting runtime structures. In this paper, we present our experiences with the implementation of conflict-checking methods for separation of duty constraints in the XORBAC access control service.
Similar resources
Edited by
The detection and resolution of constraint conflicts in RBAC have been overlooked and remain a significant research challenge. To address these concerns, in this paper, we classify constraint conflicts into two categories: internal constraint conflicts that occur when two or more constraints are deemed incompatible with each other and external constraint conflicts that occur when the configurat...
Implementing Advanced RBAC Administration Functionality with USE
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
Research on RBAC-based Separation of Duty Constraints
Separation of duty (SOD) is an important characteristic in the role-based access control (RBAC) system. In view of some issues such as various variations of SOD constraints (SODs), ambiguous relations among constraint states, this paper formally defines several typical SODs and analyzes the transition relations among different SODs states. In combination with a delegation case, it goes an explo...
Specification and Verification of a Context-Based Access Control Framework for Cyber Physical Systems
Arjmand Samuel, Hammad Haseeb, Arif Ghafoor and Elisa Bertino. Abstract: Cyber Physical Systems (CPS) are complex systems that operate in a dynamic environment where security characteristics of contexts are unique, and uniform access to secure resources anywhere anytime to mobile entities poses daunting challenges. To capture context parameters such as location and time in an access control polic...