Object based dynamic separation of duty in RBAC

Author

Habib, M.A. ; Praher, C.

Author_Institution

FIM, Johannes Kepler Univ., Linz, Austria

fYear

2009

fDate

9-12 Nov. 2009

Firstpage

1

Lastpage

5

Abstract

Role Based Access Control (RBAC) offers tight security of information and ease of management to implement. RBAC is a proven and open ended technology that is being attracted by most of the organizations for its capability to reduce security administration in terms of cost and complexity. The focus of this paper is one of the important factors in RBAC, i.e. Dynamic Separation of Duty (DSD) which is implemented to avoid internal security threats. We discuss DSD from a different perspective i.e. object based separation of duty. Different problems and observations have been described regarding DSD with respect to formal definitions of DSD. Those observations and problems influenced us to go for updated definition of DSD. So, we propose a newly updated definition of DSD. Different examples have been given regarding object based DSD with different scenarios. We also described benefits of implementing newly proposed definition of DSD.

Keywords

access control; security of data; RBAC duty; different problems observations; dynamic separation duty; ease management implement; internal security threats; newly proposed definition; newly updated definition; object based dynamic separation; object based separation; open ended technology; reduce security administration; respect formal definitions; role based access control; tight security information; ANSI standards; Access control; Costs; Data security; Delay; Information security; Permission; Printers; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Technology and Secured Transactions, 2009. ICITST 2009. International Conference for

Conference_Location

London

Print_ISBN

978-1-4244-5647-5

Type

conf

DOI

10.1109/ICITST.2009.5402642

Filename

5402642