Title :
Object based dynamic separation of duty in RBAC
Author :
Habib, M.A. ; Praher, C.
Author_Institution :
FIM, Johannes Kepler Univ., Linz, Austria
Abstract :
Role Based Access Control (RBAC) offers tight security of information and ease of management to implement. RBAC is a proven and open ended technology that is being attracted by most of the organizations for its capability to reduce security administration in terms of cost and complexity. The focus of this paper is one of the important factors in RBAC, i.e. Dynamic Separation of Duty (DSD) which is implemented to avoid internal security threats. We discuss DSD from a different perspective i.e. object based separation of duty. Different problems and observations have been described regarding DSD with respect to formal definitions of DSD. Those observations and problems influenced us to go for updated definition of DSD. So, we propose a newly updated definition of DSD. Different examples have been given regarding object based DSD with different scenarios. We also described benefits of implementing newly proposed definition of DSD.
Keywords :
access control; security of data; RBAC duty; different problems observations; dynamic separation duty; ease management implement; internal security threats; newly proposed definition; newly updated definition; object based dynamic separation; object based separation; open ended technology; reduce security administration; respect formal definitions; role based access control; tight security information; ANSI standards; Access control; Costs; Data security; Delay; Information security; Permission; Printers; Protection;
Conference_Titel :
Internet Technology and Secured Transactions, 2009. ICITST 2009. International Conference for
Conference_Location :
London
Print_ISBN :
978-1-4244-5647-5
DOI :
10.1109/ICITST.2009.5402642
