DocumentCode :
1566184
Title :
Security Analysis of Role-based Separation of Duty with Workflows
Author :
Hewett, Rattikorn ; Kijsanayothin, Phongphun ; Thipse, Aashay
Author_Institution :
Dept. of Comput. Sci., Texas Tech Univ., Lubbock, TX
fYear :
2008
Firstpage :
765
Lastpage :
770
Abstract :
Role-based access control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from fraud due to conflicts of interest. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.
Keywords :
authorisation; workflow management software; authorization; enterprise workflow process; mutually exclusive role; role-based access control model; role-based separation of duty; security analysis; security management; sensitive information protection policy; verification algorithm; Access control; Authorization; Availability; Computer science; Computer security; Conference management; Contracts; History; Information security; Protection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
Type :
conf
DOI :
10.1109/ARES.2008.71
Filename :
4529421