Security analysis of Role-Based Separation of Duty with workflows

Rattikorn Hewett; Phongphun Kijsanayothin; Aashay Thipse

doi:10.1109/ARES.2008.71

Security analysis of Role-Based Separation of Duty with workflows

Rattikorn Hewett, Phongphun Kijsanayothin, Aashay Thipse

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

Role-Based Access Control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.

Original language	English
Title of host publication	ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings
Pages	765-770
Number of pages	6
DOIs	https://doi.org/10.1109/ARES.2008.71
State	Published - 2008
Event	3rd International Conference on Availability, Security, and Reliability, ARES 2008 - Barcelona, Spain Duration: Mar 4 2008 → Mar 7 2008

Publication series

Name	ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Conference

Conference	3rd International Conference on Availability, Security, and Reliability, ARES 2008
Country/Territory	Spain
City	Barcelona
Period	03/4/08 → 03/7/08

Access to Document

10.1109/ARES.2008.71

Cite this

Hewett, R., Kijsanayothin, P., & Thipse, A. (2008). Security analysis of Role-Based Separation of Duty with workflows. In ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings (pp. 765-770). Article 4529421 (ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings). https://doi.org/10.1109/ARES.2008.71

@inproceedings{a251e87780ef4e4daa86b4306ecbbb56,

title = "Security analysis of Role-Based Separation of Duty with workflows",

abstract = "Role-Based Access Control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.",

author = "Rattikorn Hewett and Phongphun Kijsanayothin and Aashay Thipse",

year = "2008",

doi = "10.1109/ARES.2008.71",

language = "English",

isbn = "0769531024",

series = "ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings",

pages = "765--770",

booktitle = "ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings",

note = "3rd International Conference on Availability, Security, and Reliability, ARES 2008 ; Conference date: 04-03-2008 Through 07-03-2008",

}

Hewett, R, Kijsanayothin, P & Thipse, A 2008, Security analysis of Role-Based Separation of Duty with workflows. in ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings., 4529421, ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings, pp. 765-770, 3rd International Conference on Availability, Security, and Reliability, ARES 2008, Barcelona, Spain, 03/4/08. https://doi.org/10.1109/ARES.2008.71

Security analysis of Role-Based Separation of Duty with workflows. / Hewett, Rattikorn; Kijsanayothin, Phongphun; Thipse, Aashay.
ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings. 2008. p. 765-770 4529421 (ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security analysis of Role-Based Separation of Duty with workflows

AU - Hewett, Rattikorn

AU - Kijsanayothin, Phongphun

AU - Thipse, Aashay

PY - 2008

Y1 - 2008

N2 - Role-Based Access Control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.

AB - Role-Based Access Control (RBAC) is the most predominant access control model in today's security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.

UR - http://www.scopus.com/inward/record.url?scp=49049117584&partnerID=8YFLogxK

U2 - 10.1109/ARES.2008.71

DO - 10.1109/ARES.2008.71

M3 - Conference contribution

AN - SCOPUS:49049117584

SN - 0769531024

SN - 9780769531021

T3 - ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

SP - 765

EP - 770

BT - ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

T2 - 3rd International Conference on Availability, Security, and Reliability, ARES 2008

Y2 - 4 March 2008 through 7 March 2008

ER -

Security analysis of Role-Based Separation of Duty with workflows

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this