DocumentCode :
1687457
Title :
A temporal-logic extension of role-based access control covering dynamic separation of duties
Author :
Mossakowski, Till ; Drouineaud, Michael ; Sohr, Karsten
Author_Institution :
Dept. of Comput. Sci., Bremen Univ., Germany
fYear :
2003
Firstpage :
83
Lastpage :
90
Abstract :
Security policies play an important role in today's computer systems. We show some severe limitations of the widespread standard role-based access control (RBAC) model, namely that object-based dynamic separation of duty as introduced by Nash and Poland cannot be expressed with it. We suggest overcoming these limitations by extending the RBAC model with an execution history. The natural next step is then to add temporal logic for the specification of execution orders. We show that with this, object-based dynamic separation of duty, as well as other policies, can be adequately specified.
Keywords :
authorisation; security of data; temporal logic; RBAC model; dynamic duty separation; object-based dynamic separation; role-based access control; temporal logic; Access control; Banking; Computer science; Computer security; History; Humans; Logic; NIST; National security; Permission;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings. 10th International Symposium on
ISSN :
1530-1311
Print_ISBN :
0-7695-1912-1
Type :
conf
DOI :
10.1109/TIME.2003.1214883
Filename :
1214883