Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration

Moon, Chang-Joo; Park, Dae-Ha; Park, Soung-Jin; Baik, Doo-Kwon

doi:10.1016/j.cose.2003.09.004

Cited by 25 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…[8,9] explain the relationship between SoD and statically mutually exclusive role constraint. Recently, the research on SoD mainly concentrates on the description of constraint [10], the analysis of supporting SoD in various access control models [11,12], and the expansion of SoD constraint [13,14]. Therefore, in multi-domain environment, research on the satisfaction of constraints, namely security, is the basis of access control.…”

Section: Related Workmentioning

confidence: 99%

Security Assurance for Dynamic Role Mapping in a Multi-Domain Environment

He¹,

Wang²

2007

2007 International Conference on Computational Intelligence and Security (CIS 2007)

View full text Add to dashboard Cite

Multi-domain application environments where distributed domains interoperate with each other are becoming a reality in Internet-based enterprise applications. The secure interoperation in a multidomain environment is a challenging problem. Rolebased access control (RBAC) is used for specifying the security requirements of multi-domain applications in this paper. Then, role mapping relationship between domains is described by XML documents. Furthermore, the situations where dynamic role mapping violates separation of duties (SoD) which is one of the three basic security principles for the RBAC model are analyzed in detail, and relevant algorithms to detect the above security problem are designed in this paper.

show abstract

Section: Related Workmentioning

confidence: 99%

Security Assurance for Dynamic Role Mapping in a Multi-Domain Environment

He¹,

Wang²

2007

2007 International Conference on Computational Intelligence and Security (CIS 2007)

View full text Add to dashboard Cite

show abstract

“…Li et al [8] discussed about enforcing SoD policies and also studied problem of verification of enforcement. Moon et al [12] proposed a symmetric RBAC model that supplements the constraints on permission assignment. The proposed model reflects the conflicts of interests between roles by presenting the constraints on permission assignment that take the separation of duties and role hierarchies into consideration.…”

Section: Related Workmentioning

confidence: 99%

Separation of Duty in Role-Based Access Control Model through Fuzzy Relations

Sher

Magedanz

2007

Third International Symposium on Information Assurance and Security

View full text Add to dashboard Cite

As a security principle, separation of duty (SoD) is widely considered in computer security. In the role-based access control(RBAC) model, separation of duty constraints enforce conflict of interest policies. There are two main types of separation of duty policies in RBAC, Static SoD (SSoD) and Dynamic SoD (DSoD). In RBAC, Statically Mutually Exclusive Role (SMER) constraints are used to enforce Static Separation of Duty policies. Dynamic Separation of duty policies, like SSoD policies, are intended to limit the permissions that are available to a user. However, DSoD policies differ from SSoD policies by the context in which these limitations are imposed. A DSoD policy limits the availability of the permissions over a users permission space by placing constraints on the roles that can be activated within or across a users sessions. Like SMER, in RBAC Dynamically Mutually Exclusive Role (DMER) constraints are used to enforce DSoD policies. We investigated using of a fuzzy approach to address the issue in order to provide a more practical solution. In this paper, we propose a model to express the separation of duty policies in RBAC using the fuzzy set theory. The concept of trustworthiness, which is fuzzy in nature, is used to express this model. In comparison with non-fuzzy methods, our method is more pragmatic and more consistent with the real world. The expressiveness of our method is higher than the nonfuzzy ones. We show expression of some constraints in our method which cannot be expressed by non-fuzzy methods. Applicability of the method is shown through an example of the real world.

show abstract

“…The model has four elements: users, roles, permissions, and sessions. A user represents a human activity or an autonomous agent, while a role is a job function or job title within the organization with certain associated semantics regarding the authority and responsibility conferred on a member of the role [4] . Permission is an approval of a particular mode of access to one or more objects in the system.…”

Section: A the Rbac Modelmentioning

confidence: 99%

Research and Implementation of Role-Based Access Control Model Based on Partition Number

Chen

Zhang

2009

2009 Second International Symposium on Computational Intelligence and Design

View full text Add to dashboard Cite

The Role-based Access Control (RBAC) Model has garnered great interest in the security community due to the flexible and secure nature of its applicability to the complex and sophisticated information system. But there are few research results about implementation analysis on RBAC. With the help of partition number theory, this paper provides a method of RBAC to implement data access permissions control in the major application system. One of the important research areas in this model is that the agent mechanism is introduced to implement RBAC. Secondly when a user enters the access system and gets a session, the user will be activated and the permission is granted simultaneously to ensure a safe and optimal operation in his session. Finally the implementation is analyzed for verifying the applicable value of the model.

show abstract

Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration

Cited by 25 publications

References 12 publications

Security Assurance for Dynamic Role Mapping in a Multi-Domain Environment

Security Assurance for Dynamic Role Mapping in a Multi-Domain Environment

Separation of Duty in Role-Based Access Control Model through Fuzzy Relations

Research and Implementation of Role-Based Access Control Model Based on Partition Number

Contact Info

Product

Resources

About