Abstract
The principle of separation of duty is widely studied in the literature. Techniques for enforcing separation of duty (SD) policies fall under three categories, namely: static, dynamic and history-based separation of duty. Static SD is very limited in terms of its applicability and the use case it supports. In contrast, models that enforce SD dynamically have richer semantics therefore providing support for a wider number of SD policies. However, the use cases they support may be more than what typical systems require. The generality in these approaches makes them more costly and complicated to implement.This paper proposes a formal model of separation of duty that captures a certain type of separation of duty policies. The model is accessible such that one could easily incorporate it into existing access control models that do not yet have interfaces for creation and enforcement of separation of duty policies. More concretely, we described how our model was incorporated into the Role-based Access Control (RBAC) model to extend its separation of duty capabilities. We showed that this process was straightforward and the changes we have made in the RBAC specification were controlled and mostly additive ones. Moreover we also showed that under our model, one could also reduce the number of permissions that have to be managed in an access control system.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.