Beyond separation of duty: An algebra for specifying high-level security policies

Journal of the ACM

Volumn 55, Issue 3, 2008, Pages

  Li, Ninghui ^a,b   Wang, Qihua ^a,b  

^a PURDUE UNIVERSITY   (United States)

^b PURDUE UNIVERSITY   (United States)

Author keywords

Access control; Policy design; Separation of duty

Indexed keywords

ALGEBRAIC PROPERTIES; COMPUTATIONAL PROBLEMS; FORMAL SPECIFICATIONS; HIGH-LEVEL POLICIES; POLICY ANALYSIS; POLICY DESIGN; POTENTIAL MECHANISMS; SCHEME DESIGN; SECURITY CONSTRAINTS; SECURITY CONTROLS; SECURITY POLICIES; SEPARATION OF DUTIES; SEPARATION OF DUTY; TASK DESIGN; WORK-FLOWS;

ACCESS CONTROL; ALGEBRA; BOOLEAN ALGEBRA; COMPUTATIONAL LINGUISTICS; INFORMATION THEORY; ISOMERS; MATRIX ALGEBRA; PROCESS ENGINEERING; SECURITY SYSTEMS; SEPARATION;

PUBLIC POLICY;

EID: 49449083108     PISSN: 00045411     EISSN: 1557735X     Source Type: Journal    
DOI: 10.1145/1379759.1379760     Document Type: Article

References (31)

1. ABADI, M., BURROWS, M., LAMPSON, B., AND PLOTKIN, G. 1993. A calculus for access control in distributed systems. ACM Trans. Prog. Lang. Syst. 15, 4 (Oct.), 706-734.
2. AHN, G.-J., AND SANDHU, R. S. 1999. The RSL99 language for role-based separation of duty constraints. In Proceedings of the 4th Workshop on Role-Based Access Control. 43-54.
3. AHN, G.-J., AND SANDHU, R. S. 2000. Role-based authorization constraints specification. ACM Trans. Inf. Syst. Sec. 3, 4 (Nov.), 207-226.
4. ATLURI, V., AND HUANG, W. 1996. An authorization, model for workflows. In Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS). 44-64.
5. ATLURI, V., AND WARNER, J. 2005. Supporting conditional delegation in secure workflow management systems. In SACMAT '05: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies. ACM, New York, 49-58.
6. BERTINO, E., FERRARI, E., AND ATLURI, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Sec. 2, 1 (Feb.), 65-104.
7. BARTH, A., AND MITCHELL, J. 2006. Managing digital rights using linear logic. In Proceedings of the 21 st Annual IEEE Symposium on Logic in Computer Science (LICS). IEEE Computer Society Press, Los Alamitos, CA, 127-136.
8. BONATTI, P., DE CAPITANIDI VIMERCATI, S., AND SAMARATI, P. 2000. A modular approach to composing access control policies. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, New York, 164-173.
9. BONATTI, P., DE CAPITANIDI VLMERCATL, S., AND SAMARATI, P. 2002. An algebra for composing access control policies. ACM Trans. Inf. Syst. Sec. (TISSEC) 5, 1 (Feb.), 1-35.
10. CLARK, D. D., AND WILSON, D. R. 1987. A comparision of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 184-194.
11. CRAMPTON, J. 2003. Specifying and enforcing constraints in role-based access control. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003) (Como, Italy). ACM, New York, 43-50.
12. CRAMPTON, J. 2005. A reference monitor for workflow systems with constrained task execution. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005) (Stockholm, Sweden). ACM, New York, 38-47.
13. GAREY, M. R., AND JOHNSON, D. S. 1979. Computers And Intractability. W. H. Freeman.
14. GLIGOR, V. D., GAVRILA, S. I., AND FERRAIOLO, D. F. 1998. On the formal definition of separation-of-duty policies and their composition. In Proceedings of IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 172-183.
15. JAEGER, T. 1999. On the increasing importance of constraints. In Proceedings of the ACM Workshop on Role-Based Access Control (RBAC). ACM, New York, 33-42.
16. JAEGER, T., AND TIDSWELL, J. E. 2001. Practical safety in flexible access control models. ACM Trans. Inf. Syst. Sec. 4, 2 (May), 158-190.
17. LI, N., MITCHELL, J. C., AND WINSBOROUGH, W. H. 2002. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 114-130.
18. LI, N., TRIPUNITARA, M. V., AND BIZRI, Z. 2007. On mutually exclusive roles and separation-of-duty. ACM Trans. Inf. Syst. Sec. (TISSEC) 10, 2, 5.
19. MCLEAN, J. 1988. The algebra of security. In Proceedings of IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 2-7.
20. NASH, M. J., AND POLAND, K. R. 1990. Some conundrums concerning separation of duty. In Proceedings of IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 201-209.
21. PAPADIMITTIOU, C. H., AND STEIGLITZ, K. 1982. Combinatorial Optimization. Prentice-Hall, Englewood Cliffs, NJ.
22. PINCUS, J., AND WING, J. M. 2005. Towards an algebra for security policies (extended abstract). In Proceedings of ICATPN 2005. Lecture Notes in Computer Science, vol. 3536. Springer-Verlag, New York, 17-25.
23. SALTZER, J. H., AND SCHROEDER, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (Sep.), 1278-1308.
24. SANDHU, R. 1990. Separation of duties in computerized information systems. In Proceedings of the IFIP WG11.3 Workshop on Database Security.
25. SANDHU, R. S. 1988. Transaction control expressions for separation of duties. In Proceedings of the 4th Annual Computer Security Applications Conference (ACSAC'88).
26. SANDHU, R. S., COYNE, E. J., FEINSTEIN, H. L., AND YOUMAN, C. E. 1996. Role-based access control models. IEEE Comput. 29, 2 (Feb.), 38-47.
27. SMON, T. T., AND ZURKO, M. E. 1997. Separation of duty in role-based environments. In Proceedings of The 10th Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos, CA, 183-194.
28. TAN, K., CRAMPTON, J., AND GUNTER, C. 2004. The consistency of task-based authorization constraints in workflow systems. In Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW). IEEE Computer Society Press, Los Alamitos, CA, 155-169.
29. TIDSWELL, J., AND JAEGER, T. 2000. An access control model for simplifying constraint expression. In Proceedings of ACM Conference on Computer and Communications Security. ACM, New York, 154-163.
30. WANG, Q., AND LI, N. 2007. Satisfiability and resiliency in workflow systems. In Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS). 90-105.
31. WUESEKERA, D., AND JAJODIA, S. 2003. A propositional policy algebra for access control. ACM Trans. Inf. Syst. Sec. 6, 2 (May), 286-325.