An Activity-Based Model for Separation of Duty

Details An Activity-Based Model for Separation of Duty An Activity-Based Model for Separation of Duty

2008-10-29

arxiv.org/abs/0810.5351v1

Computer Science

Cryptography and Security

Scientific paper

This paper offers several contributions for separation of duty (SoD) administration in role-based access control (RBAC) systems. We first introduce a new formal framework, based on business perspective, where SoD constraints are analyzed introducing the activity concept. This notion helps organizations define SoD constraints in terms of business requirements and reduces management complexity in large-scale RBAC systems. The model enables the definition of a wide taxonomy of conflict types. In particular, object-based SoD is introduced using the SoD domain concept, namely the set of data in which transaction conflicts may occur. Together with the formalization of the above properties, in this paper we also show the effectiveness of our proposal: we have applied the model to a large, existing organization; results highlight the benefits of adopting the proposed model in terms of reduced administration cost.

Affiliated with

Also associated with

No associations

Rating

An Activity-Based Model for Separation of Duty does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with An Activity-Based Model for Separation of Duty, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and An Activity-Based Model for Separation of Duty will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-277879