Title :
Separation of Duty Constraint for Permission Based Delegation Model
Author :
Huang, Chao ; Sun, Jianling ; Wang, Xinyu ; Si, Yuanjie
Author_Institution :
Dept. of Comput. Sci., Zhejiang Univ., Hangzhou
Abstract :
In large enterprise software systems, users often need to delegate their authority to others. The permission-based delegation model (PBDM), based on RBAC96, is currently the most attractive model for fulfilling the delegation requirement, since it supports partial delegation and multi-step delegation. However, PBDM has no explicit specification of the separation of duty (SOD) constraint, which is one of the most important constraints and is essential to the security of the system. In this paper, we analyze the SOD constraint in the PBDM delegation model and give a formal definition of the constraint. We prove that a constraint violation cannot happen at the delegation role definition stage; it can only happen at the role assignment stage. We then propose a protective mechanism that prevents illegal role delegation by using prerequisite conditions, which are a set of Boolean expressions. We also give an algorithm for checking the prerequisite conditions, to help the security administrator guarantee safe role delegation.
Keywords :
Boolean algebra; authorisation; business data processing; Boolean expressions; PBDM delegation model; base delegation model; constraint violation; delegation requirement; delegation role definition; enterprise software systems; illegal role delegation; permission based delegation model; security administrator; separation of duty constraint; system security; Access control; Chaos; Computer science; Information management; Permission; Protection; Security; Seminars; Software systems; Sun; PBDM; RBAC; SOD; constraint; safe delegation; security;
Conference_Title :
Business and Information Management, 2008. ISBIM '08. International Seminar on
Conference_Location :
Wuhan
Print_ISBN :
978-0-7695-3560-9
DOI :
10.1109/ISBIM.2008.132