Title :
Implementing transaction control expressions by checking for absence of access rights
Author :
Ammann, Paul E. ; Sandhu, Ravi S.
Author_Institution :
George Mason Univ., Fairfax, VA, USA
fDate :
30 Nov-4 Dec 1992
Abstract :
Separation of duties is an important, real-world requirement that access control models should support. The transaction control expression (TCE) for specifying dynamic separation of duties was previously introduced. The implementation of TCEs in the typed access matrix model (TAM) is considered. It is shown that TAM requires extension for satisfactory handling of dynamic separation of duties. In particular, dynamic separation requires the capability to explicitly test for the absence of rights in cells of the access matrix. It is illustrated how TAM, extended to incorporate such tests, can implement TCEs. The impact of checks for absence of rights on safety analysis is discussed (i.e. the determination of whether or not a given subject can acquire a given right to a given object)
Keywords :
authorisation; TCEs; absence of rights; access control models; access rights; dynamic separation; safety analysis; separation of duties; transaction control expressions; typed access matrix model; Access control; Books; Control systems; Information systems; Permission; Protection; Safety; Software systems; Systems engineering and theory; Testing;
Conference_Titel :
Computer Security Applications Conference, 1992. Proceedings., Eighth Annual
Conference_Location :
San Antonio, TX
Print_ISBN :
0-8186-3115-5
DOI :
10.1109/CSAC.1992.228226
