On the Formal Definition of Separation-of-Duty Policies and their Composition

نویسندگان

  • Virgil D. Gligor
  • Serban I. Gavrila
  • David F. Ferraiolo
چکیده

In this paper we define formally a wide variety of separation-of-duty (SoD) properties, which include the best known to date, and establish their relationships within a formal model of role-based access control (RBAC). The formalism helps remove all ambiguities of informal definition, and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that practical implementation for SoD policies requires new methods and tools for security administration even within applications that already support RBAC, such as most database management systems.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A model for specification, composition and verification of access control policies and its application to web services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...

متن کامل

Computationally secure multiple secret sharing: models, schemes, and formal security analysis

A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...

متن کامل

On the Satisfiability of Constraints in Workflow Systems

The specification and enforcement of authorization policies such as separation of duty and binding of duty in workflow systems is an important area of current research in computer security. We introduce a formal model for constrained workflow systems that incorporate constraints for implementing such policies. We define an entailment constraint, which is defined on a pair of tasks in a workflow...

متن کامل

Conflict checking of separation of duty constraints in RBAC - implementation experiences

Separation of duty constraints define mutual exclusion relations between two entities (e.g. two permissions). Thus, a software component that supports the definition of separation of duty constraints implicitly requires a means to control their definition and to ensure the consistency of the resulting runtime structures. In this paper, we present our experiences with the implementation of confl...

متن کامل

پیوند سیاست با عرفان در مرصاد العباد نجم رازی

This study investigates Mersād al-‘Ebād and its contents on the policies of the rulers. Chapter five of this book on “various groups and their policies” deals with policies of different monarch and ministers of the time. It discusses issues such as the legitimacy of the monarchs, the position of kingdom in mysticism, special and ordinary kingdoms, and the superiority of monarchs over prophecy p...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1998