Gligor et al., 1998
On the formal definition of separation-of-duty policies and their composition
Type
Article
Year
1998
Authors
Gligor, V.D., Gavrila, S.I., Ferraiolo, D.
Identifiers
DOI: 10/bt2jxk
Publication
Proceedings of the 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186), IEEE Comput. Soc, Oakland, CA, USA
Pages
172–183
Abstract
In this paper we define formally a wide variety of separation-of-duty (SoD) properties, which include the best known to date, and establish their relationships within a formal model of role-based access control (RBAC). The formalism helps remove all ambiguities of informal definition, and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that practical implementation for SoD policies requires new methods and tools for security administration even within applications that already support RBAC, such as most database management systems.
Links
Citation
Gligor, V.D., Gavrila, S.I., Ferraiolo, D., 1998. On the formal definition of separation-of-duty policies and their composition, in: Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186). Presented at the Proceedings. IEEE Comput. Soc, Oakland, CA, USA, pp. 172–183. https://doi.org/10/bt2jxk
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.