On mutually exclusive roles and separation-of-duty

ACM Transactions on Information and System Security

Volumn 10, Issue 2, 2007, Pages

  Li, Ninghui ^a,b   Tripunitara, Mahesh V ^a,b   Bizri, Ziad ^a,b  

^a PURDUE UNIVERSITY   (United States)

^b Purdue University   (United States)

Author keywords

Computational complexity; constraints; Role based access control; separation of duty; verification

Indexed keywords

ROLE-BASED ACCESS CONTROL; SEPARATION-OF-DUTY; STATICALLY MUTUALLY EXCLUSIVE ROLES (SMER);

COMPUTATIONAL COMPLEXITY; CONSTRAINT THEORY; MATHEMATICAL MODELS; VERIFICATION;

SECURITY OF DATA;

EID: 34249745790     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1237500.1237501     Document Type: Article

References (40)

1. AHN, G.-J. AND SANDHU, R. S. 1999. The RSL99 language for role-based separation of duty constraints. In Proceedings of the 4th Workshop on Role-Baaed Access Control. 43-54.
2. AHN, G.-J. AND SANDHU, R. S. 2000. Role-based authorization constraints specification. ACM Transactions on Information and System Security 3, 4 (Nov.), 207-226.
3. ANSI. 2004. American national standard for information technology-role based access control. ANSI INCITS 359-2004.
4. ATLURI, V. AND HUANG, W. 1996. An authorization model for workflows. In Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS). 44-64.
5. BALDWIN, R. W. 1990. Naming and grouping privileges to simplify security management in large databases. In Proceedings of the IEEE Symposium on Research in Security and Privacy. 116-132.
6. BERTINO, E., FERRARI, E., AND ATLURI, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security 2, 1 (Feb.), 65-104.
7. BOTHA, R. AND ELOFF, J. 2001. Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40, 3, 666-682.
8. CLARK, D. D. AND WILSON, D. R. 1987. A comparision of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Washington, D.C. 184-194.
9. CHAMPTON, J. 2003. Specifying and enforcing constraints in role-based access control. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT 2003). Como, Italy. 43-50.
10. CRAMPTON, J. 2004. An algebraic approach to the analysis of constrained workflow systems. In Proceedings of the 3rd Workshop on Foundations of Computer Security. Turku, Finland. 61-74.
11. CRAMPTON, J. 2005. A reference monitor for workflow systems with constrained task execution. In Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies (SACMAT 2005). Stockholm, Sweden. 38-47.
12. DU, D., GU, J., AND PARDALOS, P. M., Eds. 1997. Satisfiability Problem: Theory and Applications. DIMACS Series in Discrete Mathematics and Theoretical Computer Science, vol. 35. AMS Press, Brooklyn, NY.
13. FERRAIOLO, D. F. AND KUHN, D. R. 1992. Role-based access control. In Proceedings of the 15th National Information Systems Security Conference.
14. FERRAIOLO, D. F., CUIGINI, J. A., AND KUHN, D. R. 1995. Role-based access control (RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC'95).
15. FEHRAIOLO, D. F., SANDHU, R. S., GAVRILA, S., KUHN, D. R., AND CHANDRAMOULI, R. 2001. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security 4, 3 (Aug.), 224-274.
16. FERRAIOLO, D. F., KUHN, D. R., AND CHANDRAMOULI, R. 2003. Role-Based Access Control. Artech House.
17. FOLEY, S., GONG, L., AND QIAN, X. 1996. A security model of dynamic labeling providing a tiered approach to verification. In Proceedings of IEEE Symposium on Research in Security and Privacy, 142-153.
18. FOLEY, S. N. 1997. The specification and implementation of 'commercial' security requirements including dynamic segregation of duties. In Proceedings of the 4th ACM Conference on Computer and Communications Security (CCS-4). 125-134.
19. GAREY, M. R. AND JOHNSON, D. J. 1979. Computers And Intractability: A Guide to the Theory of NP-Completeness. Freeman, San Francisco, CA.
20. GLIGOR, V. D., GAVRILA, S. I., AND FERRAIOLO, D. F. 1998. On the formal definition of separation-of-duty policies and their composition. In Proceedings of IEEE Symposium on Research in Security and Privacy. 172-183.
21. JAEGER, T. 1999. On the increasing importance of constraints. In Proceedings of ACM Workshop on Role-Based Access Control. 33-42.
22. JAEGER, T. AND TIDSWELL, J. E. 2001. Practical safety in flexible access control models. ACM Transactions on Information and System Security 4, 2 (May), 158-190.
23. JOSHI, J., BERTINO, E., SHAFIQ, B., AND GHAFOOR, A. 2003. Dependencies and separation of duty constraints in gtrbac. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT). 51-64.
24. JOSHI, J., BERTINO, E., LATIF, U., AND GHAFOOR, A. 2005. A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering (TKDE) 17, 1 (Jan.), 4-23.
25. KANDALA, S. AND SANDHU, R. 2002. Secure Role-Based Workflow Models. In Proceedings of the Fifteenth Annual Working Conference on Database and Application Security, Kluwer Academic Publishers, Norwell, MA. 45-58.
26. KNORR, K. AND STOHMER, H. 2001. Modeling and Analyzing Separation of Duties in Workflow Environments. 199-212.
27. KUHN, D. R. 1997. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems. In Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC'97). 23-30.
28. LI, N., BIZRI, Z., AND TRIPUNITARA, M. V. 2004. On mutually-exclusive roles and separation of duty. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS-11). ACM Press, New York. 42-51.
29. NASH, M. J. AND POLAND, K. R. 1990. Some conundrums concerning separation of duty. In Proceedings of IEEE Symposium on Research in Security and Privacy. 201-209.
30. PAPADIMITRIOU, C. H. 1994. Computational Complexity. Addison Wesley Longman, New York.
31. SALTZER, J. H. AND SCHROEDER, M. D. 1975. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (Sept.), 1278-1308.
32. SANDHU, R. 1990. Separation of duties in computerized information systems. In Proceedings of the IFIP WG11.3 Workshop on Database Security.
33. SANDHU, R. AND JAJODIA, S. 1990. Integrity mechanisms in database management systems. In Proceedings of the 13th NIST-NCSC National Computer Security Conference. 526-540.
34. SANDHU, R. S. 1988. Transaction control expressions for separation of duties. In Proceedings of the Fourth Annual Computer Security Applications Conference (ACSAC'88).
35. SANDHU, R. S., COYNE, E. J., FEINSTEIN, H. L., AND YOUMAN, C. E. 1996. Role-based access control models. IEEE Computer 29, 2 (Feb.), 38-47.
36. SCHAAD, A., MOFFETT, J., AND JACOB, J. 2001. The role-based access control system of a European bank: A case study and discussion. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies. ACM Press, New York. 3-9.
37. SIMON, T. T. AND ZURKO, M. E. 1997. Separation of duty in role-based environments. In Proceedings of The 10th Computer Security Foundations Workshop. IEEE Computer Society Press, Washington, D.C. 183-194.
38. TAN, K., CHAMPTON, J., AND GUNTER, C. 2004. The consistency of task-based authorization constraints in workflow systems. In Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW). 155-169.
39. TIDSWELL, J. AND JAEGER, T. 2000. An access control model for simplifying constraint expression. In Proceedings of ACM Conference on Computer and Communications Security. 154-163.
40. TING, T. C. 1988. A user-role based data security approach. In Database Security: Status and Prospects. Results of the IFIP WG 11.3 Initial Meeting, C. Landwehr, Ed. North-Holland, Amsterdam. 187-208.