Security analysis of Role-Based Separation of Duty with workflows

Rattikorn Hewett, Phongphun Kijsanayothin, Aashay Thipse

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Scopus citations

Abstract

Role-Based Access Control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.

Original languageEnglish
Title of host publicationARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings
Pages765-770
Number of pages6
DOIs
StatePublished - 2008
Event3rd International Conference on Availability, Security, and Reliability, ARES 2008 - Barcelona, Spain
Duration: Mar 4 2008Mar 7 2008

Publication series

NameARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Conference

Conference3rd International Conference on Availability, Security, and Reliability, ARES 2008
CountrySpain
CityBarcelona
Period03/4/0803/7/08

Fingerprint Dive into the research topics of 'Security analysis of Role-Based Separation of Duty with workflows'. Together they form a unique fingerprint.

Cite this