Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of separation of duty found in the requirement of two signatures on a check. Previous work on separation of duty requirements often explored implementations based on role-based access control (RBAC) principles. These implementations are concerned with constraining the associations between RBAC components, namely users, roles, and permissions. Enforcement of the separation of duty requirements, although an integrity requirement, thus relies on an access control service that is sensitive to the separation of duty requirements. A distinction between separation of duty requirements that can be enforced in administrative environments, namely static separation of duty, and requirements that can only be enforced in a run-time environment, namely dynamic separation of duty, is required. It is argued that RBAC does not support the complex work processes often associated with separation of duty requirements, particularly with dynamic separation of duty. The workflow environment, being primarily concerned with the facilitation of complex work processes, provides a context in which the specification of separation of duty requirements can be studied. This paper presents the "conflicting entities" administration paradigm for the specification of static and dynamic separation of duty requirements in the workflow environment.