Separation of duty in role-based environments

Simon, Richard T.; Zurko, Mary Ellen

doi:10.1109/csfw.1997.596811

Cited by 221 publications

(229 citation statements)

References 12 publications

Supporting

Mentioning

219

Contrasting

Unclassified

Order By: Relevance

“…Authorization constraints may need to be imposed on the RBAC functions and relations in order to prevent the information misuse and fraudulent activities. In the literature, several kinds of authorization constraints have been identified such as various types of static and dynamic SOD constraints [7,8,9]; constraints on delegation [10]; cardinality constraints [3]; context constraints [10,11].…”

Section: Rbac and Authorization Constraintsmentioning

confidence: 99%

“…If the PEP and PDP need feedback from the Application Web Service, then a trust relationship in that direction must also exist. This, for instance, is the case if the access history (needed for implementing History-based SOD [9]) must be updated after an operation has been successfully carried out by the Application Web Service. Due to the fact that we concentrate here on the implementation of RBAC policies and the authorization engine, we do not deal with trust aspects in this paper in more detail.…”

Section: Trust Considerationsmentioning

confidence: 99%

“…A typical example of conflicting users is family members who could collude to commit fraud. The third constraint is the Simple Dynamic SOD (SDSOD) constraint [9], which states that a user must not activate the "Customer" and the "Cashier" role simultaneously. Technically, CU and CR denote sets of conflicting users and roles, respectively.…”

Section: Functionality Of the Authorization Enginementioning

confidence: 99%

“…One example is Object-Based Dynamic SOD (ObjDSOD) as proposed by Simon and Zurko [9]. ObjDSOD states that a user may act upon an object with at most one critical operation.…”

Section: History-based Sodmentioning

confidence: 99%

“…Specifically, advanced RBAC concepts like role-based authorization constraints are a powerful means for laying out higher-level organizational rules [7]. Hence, we define an RBAC policy as hierarchical RBAC in the sense of the RBAC standard [14] plus a set of organizational rules where each rule corresponds to a rolebased authorization constraint, such as separation of duty (SOD) constraints [7,8,9], cardinality constraints [3], and context constraints [10,11].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

Sohr

Mustafa

Bao

et al. 2008

2008 Annual Computer Security Applications Conference (ACSAC)

View full text Add to dashboard Cite

Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints. Using this system, we also demonstrate how the authorization constraints can be specified in OCL and then be implemented by USE.

show abstract

Section: Rbac and Authorization Constraintsmentioning

confidence: 99%

Section: Trust Considerationsmentioning

confidence: 99%

Section: Functionality Of the Authorization Enginementioning

confidence: 99%

“…One example is Object-Based Dynamic SOD (ObjDSOD) as proposed by Simon and Zurko [9]. ObjDSOD states that a user may act upon an object with at most one critical operation.…”

Section: History-based Sodmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

Sohr

Mustafa

Bao

et al. 2008

2008 Annual Computer Security Applications Conference (ACSAC)

View full text Add to dashboard Cite

show abstract

The E‐CARGO Model

2021

E‐CARGO and Role‐Based Collaboration

View full text Add to dashboard Cite

Coordinating access control in grid services

Chadwick

Laborde

2007

Concurrency and Computation

View full text Add to dashboard Cite

We describe how to control the cumulative use of distributed grid resources by using coordination-aware policy decision points (coordinated PDPs) and an SQL database to hold 'coordination' data. When access to a resource is granted, obligations in the security policy ensure that the coordination database is updated. The coordination database is a normal grid service providing distributed access to the coordinated PDPs. Access to the databases is secured by the grid security infrastructure (GSI) and its own PDP, so that only authorized users (the coordinated PDPs) can access it. A coordinated PDP is imbedded into the Globus Toolkitv4 authorization chain as a custom PDP so that any grid service can be protected by a security policy that provides a coordination capability. Each coordinated PDP uses the services of an uncoordinated PDP to make its access control decisions, so that any existing stateless PDP can be supplemented with a coordination capability. We provide performance results for the coordinated PDPs and compare these with two stateless PDPs. Virtually the entire performance penalty of using coordinated PDPs is accounted for by the heavy costs of using GSI to secure communications between the coordinated PDPs and the coordination database. around with him. Providing a similar capability for grid jobs, for example, to limit the amount of storage or cpu that a user may request per day or per job from any location on the grid, is not so easy. The grid job will almost certainly run on different machines under different administrative control, will probably run under different account names on each machine, and the access control mechanism of one machine is typically unable to communicate with those of the other machines. The security token that is often passed from machine to machine is the proxy certificate [1], but this is not used by the policy decision points (PDPs) to communicate with each other and is not under their direct control (unlike the bank card inserted into an ATM). Consequently, the design of a policy-based coordinated access control system presents a number of challenges.The lack of communication between the PDPs of distributed applications can be addressed today by sidestepping the issue and using a centralized PDP with a common policy that is used by all the grid resources (see Figure 1). Such a system has been available for several years to grid applications that use Globus Toolkit (GT) from v3.3 onwards. GT is capable of making an external authorization callout using the GGF SAML authorization protocol specification [2], and several PDPs such as PERMIS [3] and PRIMA [4] have implemented this protocol. This sort of access control infrastructure allows a common policy to be used by all the resources of a grid, but since most PDPs today are stateless they are still unable to coordinate their access control decisions across multiple access requests. A further disadvantage of this configuration is that the central PDP is a bottleneck to performance because every request needs to be diverted ...

show abstract

Separation of duty in role-based environments

Cited by 221 publications

References 12 publications

Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

The E‐CARGO Model

Coordinating access control in grid services

Contact Info

Product

Resources

About