• DocumentCode
    3344052
  • Title

    Object based dynamic separation of duty in RBAC

  • Author

    Habib, M.A. ; Praher, C.

  • Author_Institution
    FIM, Johannes Kepler Univ., Linz, Austria
  • fYear
    2009
  • fDate
    9-12 Nov. 2009
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Role Based Access Control (RBAC) offers tight security of information and ease of management to implement. RBAC is a proven and open ended technology that is being attracted by most of the organizations for its capability to reduce security administration in terms of cost and complexity. The focus of this paper is one of the important factors in RBAC, i.e. Dynamic Separation of Duty (DSD) which is implemented to avoid internal security threats. We discuss DSD from a different perspective i.e. object based separation of duty. Different problems and observations have been described regarding DSD with respect to formal definitions of DSD. Those observations and problems influenced us to go for updated definition of DSD. So, we propose a newly updated definition of DSD. Different examples have been given regarding object based DSD with different scenarios. We also described benefits of implementing newly proposed definition of DSD.
  • Keywords
    access control; security of data; RBAC duty; different problems observations; dynamic separation duty; ease management implement; internal security threats; newly proposed definition; newly updated definition; object based dynamic separation; object based separation; open ended technology; reduce security administration; respect formal definitions; role based access control; tight security information; ANSI standards; Access control; Costs; Data security; Delay; Information security; Permission; Printers; Protection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Technology and Secured Transactions, 2009. ICITST 2009. International Conference for
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-5647-5
  • Type

    conf

  • DOI
    10.1109/ICITST.2009.5402642
  • Filename
    5402642