DocumentCode
3392402
Title
On the formal definition of separation-of-duty policies and their composition
Author
Gligor, Virgil D. ; Gavrila, Serban I. ; Ferraiolo, David
Author_Institution
Dept. of Electr. Eng., Maryland Univ., College Park, MD, USA
fYear
1998
fDate
3-6 May 1998
Firstpage
172
Lastpage
183
Abstract
Formally defines a wide variety of separation-of-duty (SoD) properties, including the best known to date, and establishes their relationships within a formal model of role-based access control (RBAC). The formalism helps to remove all the ambiguities of informal definition and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that the practical implementation of SoD policies requires new methods and tools for security administration, even within applications that already support RBAC, such as most database management systems
Keywords
authorisation; database management systems; formal specification; SoD property composability; ambiguities; database management systems; formal definition; implementation strategies; practical implementation; role-based access control; security administration; separation-of-duty policies; Access control; Data security; Database systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location
Oakland, CA
ISSN
1081-6011
Print_ISBN
0-8186-8386-4
Type
conf
DOI
10.1109/SECPRI.1998.674833
Filename
674833
Link To Document