Transaction control expressions for separation of duties

Author

Sandhu, Ravi

Author_Institution

Dept. of Comput. & Inf. Sci., Ohio State Univ., Columbus, OH, USA

fYear

1988

fDate

12-16 Dec 1988

Firstpage

282

Lastpage

286

Abstract

The author describes a model and notation for specifying and enforcing aspects of integrity policies, particularly separation of duties. The key idea is to associate a transaction control expression with each information object. The transaction control expression constrains the pattern in which transactions can be executed on an object. As operations are actually executed the transaction control expressions gets converted to a history. This history serves to enforce separation of duties. Transient objects with a short lifetime are distinguished from persistent objects which are long-lived. Separation of duties is achieved by maintaining a complete history for transient objects but only a partial history for persistent objects. This is possible because of the system-enforced rule that transactions are executed on persistent objects only as a side effect of execution on transient objects

Keywords

data integrity; distributed databases; transaction processing; complete history; information object; integrity policies; partial history; persistent objects; separation of duties; transaction control expression; transient objects; Access control; Books; Computer crime; Computer errors; Concurrency control; History; Information science; Information systems; Protection; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Aerospace Computer Security Applications Conference, 1988., Fourth

Conference_Location

Orlando, FL

Print_ISBN

0-8186-0895-1

Type

conf

DOI

10.1109/ACSAC.1988.113349

Filename

113349