Title :
Transaction control expressions for separation of duties
Author_Institution :
Dept. of Comput. & Inf. Sci., Ohio State Univ., Columbus, OH, USA
Abstract :
The author describes a model and notation for specifying and enforcing aspects of integrity policies, particularly separation of duties. The key idea is to associate a transaction control expression with each information object. The transaction control expression constrains the pattern in which transactions can be executed on an object. As operations are actually executed the transaction control expressions gets converted to a history. This history serves to enforce separation of duties. Transient objects with a short lifetime are distinguished from persistent objects which are long-lived. Separation of duties is achieved by maintaining a complete history for transient objects but only a partial history for persistent objects. This is possible because of the system-enforced rule that transactions are executed on persistent objects only as a side effect of execution on transient objects
Keywords :
data integrity; distributed databases; transaction processing; complete history; information object; integrity policies; partial history; persistent objects; separation of duties; transaction control expression; transient objects; Access control; Books; Computer crime; Computer errors; Concurrency control; History; Information science; Information systems; Protection; Security;
Conference_Titel :
Aerospace Computer Security Applications Conference, 1988., Fourth
Conference_Location :
Orlando, FL
Print_ISBN :
0-8186-0895-1
DOI :
10.1109/ACSAC.1988.113349
