• DocumentCode
    3392402
  • Title

    On the formal definition of separation-of-duty policies and their composition

  • Author

    Gligor, Virgil D. ; Gavrila, Serban I. ; Ferraiolo, David

  • Author_Institution
    Dept. of Electr. Eng., Maryland Univ., College Park, MD, USA
  • fYear
    1998
  • fDate
    3-6 May 1998
  • Firstpage
    172
  • Lastpage
    183
  • Abstract
    Formally defines a wide variety of separation-of-duty (SoD) properties, including the best known to date, and establishes their relationships within a formal model of role-based access control (RBAC). The formalism helps to remove all the ambiguities of informal definition and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that the practical implementation of SoD policies requires new methods and tools for security administration, even within applications that already support RBAC, such as most database management systems.
  • Keywords
    authorisation; database management systems; formal specification; SoD property composability; ambiguities; database management systems; formal definition; implementation strategies; practical implementation; role-based access control; security administration; separation-of-duty policies; Access control; Data security; Database systems
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-8186-8386-4
  • Type

    conf

  • DOI
    10.1109/SECPRI.1998.674833
  • Filename
    674833