Gligor et al., 1998

On the formal definition of separation-of-duty policies and their composition

Type

Article

Year

1998

Authors

Gligor, V.D., Gavrila, S.I., Ferraiolo, D.

Identifiers

Publication

Proceedings of the 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186), IEEE Comput. Soc, Oakland, CA, USA

Pages

172–183

Abstract

In this paper we define formally a wide variety of separation-of-duty (SoD) properties, which include the best known to date, and establish their relationships within a formal model of role-based access control (RBAC). The formalism helps remove all ambiguities of informal definition, and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that practical implementation for SoD policies requires new methods and tools for security administration even within applications that already support RBAC, such as most database management systems.

(Gligor et al., 1998, p. 172)

Links

Citation

Gligor, V.D., Gavrila, S.I., Ferraiolo, D., 1998. On the formal definition of separation-of-duty policies and their composition, in: Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186). Presented at the Proceedings. IEEE Comput. Soc, Oakland, CA, USA, pp. 172–183. https://doi.org/10/bt2jxk


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.