DocumentCode :
3392402
Title :
On the formal definition of separation-of-duty policies and their composition
Author :
Gligor, Virgil D. ; Gavrila, Serban I. ; Ferraiolo, David
Author_Institution :
Dept. of Electr. Eng., Maryland Univ., College Park, MD, USA
fYear :
1998
fDate :
3-6 May 1998
Firstpage :
172
Lastpage :
183
Abstract :
Formally defines a wide variety of separation-of-duty (SoD) properties, including the best known to date, and establishes their relationships within a formal model of role-based access control (RBAC). The formalism helps to remove all the ambiguities of informal definition and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that the practical implementation of SoD policies requires new methods and tools for security administration, even within applications that already support RBAC, such as most database management systems
Keywords :
authorisation; database management systems; formal specification; SoD property composability; ambiguities; database management systems; formal definition; implementation strategies; practical implementation; role-based access control; security administration; separation-of-duty policies; Access control; Data security; Database systems;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location :
Oakland, CA
ISSN :
1081-6011
Print_ISBN :
0-8186-8386-4
Type :
conf
DOI :
10.1109/SECPRI.1998.674833
Filename :
674833
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3392402
بازگشت