Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
A Chinese wall security model for decentralized workflow systems
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Analyzing Separation of Duties in Petri Net Workflows
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Dependencies and separation of duty constraints in GTRBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Access control: principles and solutions
Software—Practice & Experience - Special issue: Security software
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
Application security support in the operating system kernel
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Application security support in the operating system kernel
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Direct static enforcement of high-level security policies
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
| Hi-index | 0.00 |
Consider a set of users who collectively perform a sequence of actions to complete a task. Separation of duty constraints hold when there are restrictions which are intended to require that not all actions are performed by the same user.The approvability graph is introduced to describe the sequences of actions which correspond to one or more tasks. The graph can represent multiple possible outcomes (different completions from the same starting point) as well as allowing for repeated actions. Hence, the graph describes a set of sequences, not necessarily finite, which define when a task is complete.The graph-based mechanism also describes separation of duty constraints between different actions, ensuring that different actions are performed by different users. (It can also require different actions to be performed by the same user.)Algorithms are presented to analyze the number of users needed to ensure that any such sequence can be completed, even in the presence of loops or alternative outcomes. The various properties that arise in approval sequences are then explored to characterize well formed systems and to examine their complexity. In particular, we show how to achieve bounds on the number of users which must be members of each role.Determining the minimum number of users to complete a dynamic separation of duty task is proven to be NP-Complete.