Abstract
Role based Access Control (RBAC) is known as an evolution in the field of access control. The strength of RBAC is considered due to the incorporation of concept of roles. Separation of Duty (SOD) is a constraint that implements least privilege principle in RBAC. Dynamic Separation of Duty (DSD) is a powerful constraint to control internal security threats. Current RBAC standard implements DSD on the level of roles. This creates various problems. In this paper, various problems in case of implementing DSD on the level of roles are identified. We show and prove that RBAC's strength is the incorporation of concept of roles but this is not for better security in terms of authorization. Instead this helps in better administration or usability for users. The RBAC usability can be improved if RBAC administration is being implemented on the basis of roles and access control can be more secure if DSD is being implemented on the basis of conflicting permissions. The concept of normalized roles is also introduced. The proposed model implements access control on the basis of normalized role. DSD is being implemented on the basis of conflicting permissions and non-conflicting permissions are exercised under the umbrella of role. This becomes a hybrid approach for access control. The administrators are given freedom in implementing DSD in various modes according to the organizational requirements from lenient to strict implementation. The proposed model is also formally specified and the benefits as a result of implementing the proposed model are discussed.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.