Separation, review and supervision controls in the context of a credit application process - A case study of organisational control principles

Proceedings of the ACM Symposium on Applied Computing

Volumn 2, Issue , 2004, Pages 1380-1384

  Schaad, Andreas ^a   Moffett, Jonathan ^b  

^a Ernst and Young Global Ltd   (United Kingdom)

^b UNIVERSITY OF YORK   (United Kingdom)

Author keywords

Control Principles; Delegation of Obligation; Management; Review; Roles; Security; Supervision

Indexed keywords

CONTROL PRINCIPLES; DELEGATION OF OBLIGATION; REVIEW; ROLES; SUPERVISION;

DISTRIBUTED COMPUTER SYSTEMS; MANAGEMENT; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS; SOFTWARE ENGINEERING; SPECIFICATIONS; SUPERVISORY PERSONNEL;

INFORMATION SCIENCE;

EID: 2442519396     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. Schaad, A. and J. Moffett. A Framework for Organisational Control Principles, in 18th Annual Computer Security Applications Conference. 2002. Las Vegas, Nevada, USA.
2. Jackson, D. A Micromodularity Mechanism, in 8th Joint Software Engineering Conference. 2001. Vienna, Austria.
3. Schaad, A. and J. Moffett. Delegation of Obligations. in 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002). 2002. Monterey
4. Schaad, A., J. Moffett, and J. Jacob. The access control system of a European bank - a case study, in 6th ACM Symposium on Access Control (SACMAT). 2001. Chantilly, VA, USA.
5. Kern, A., A. Schaad, and J. Moffett. An Administration Concept for the Enterprise Role-Based Access Control Model, in 8th ACM Symposium on Access Control Models and Technologies (SACMAT). 2003.
6. Schaad, A., A Framework for Organisational Control Principles, in Department of Computer Science. 2003, University of York.
7. Bacon, J. and K. Moody, Toward Open, Secure, Widely Distributed Services. Communications of the ACM, 2002. 45(6): p. 59-64.
8. Minsky, N. and V. Ungureanu, Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems. ACM Transactions on Software Engineering, 2000. 9(3).
9. Kuhn, R. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, in ACM workshop on Role-based access control. 1997.
10. Gligor, V., S. Gavrila, and D. Ferraiolo. On the Formal Definition of Separation-of-Duty Policies and their Composition, in IEEE Symposium on Security and Privacy. 1998. Oakland, CA.
11. Unvick, L., Notes on the Theory of Organization. 1952: American Management Association.
12. Damianou, N., et al. The Ponder Policy Specification Language, in Policies for Distributed Systems and Networks. 2001. Bristol: Springer LNCS
13. Sandhu, R., et al., Role-based access control models. IEEE Computer, 1996. 29(2): p. 38-47.
14. Zhang, L., G. Ahn, and C. B. A Rule-based Framework for Role-Based Delegation, in 6th ACM Symposium on Access Control Models and Technologies. 2001. Chantilly, VA, USA.
15. Crampton, J. and G. Loizou. Administrative Scope and Role Hierarchy Operations, in 7th ACM Symposium on Access Control (SACMAT). 2002. Naval Postgraduate School, Monterey, CA, USA.
16. Sandhu, R., V. Bhamidipati, and Q. Munawer, The ARBAC97 model for role-based administration of roles. ACM TISSEC, 1999. 2(1): p. 105 - 135.
17. Schaad, A. and J. Moffett. A Lightweight Approach to Specification and Analysis of Role-based Access Control Extensions, in 7th ACM Symposium on Access Control (SACMAT). 2002. Monterey, CA.
18. Schaad, A. Conflict Detection in a Role-based Delegation Model, in 17th Annual Computer Security Applications Conference. 2001. New Orleans.