Some Conundrums Concerning Separation of Duty
نویسندگان
چکیده
This paper examines some questions concerning commercial computer security integrity policies. We give an example of a dynamic separation of duty policy which cannot be implemented by TCSEC based mechanisms alone, yet occurs in the real commercial world, and can be implemented efficiently in practice. We examine and describe a commercial computer security product in wide use for ensuring the integrity of financial transactions, show that it implements a well defined and sensible integrity policy that includes separation of duty, yet fails to meet either the TCSEC criteria or the Clark and Wilson rules.
منابع مشابه
Separation of duties for access control enforcement in workflow environments
Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of separation of duty found in the requirement of two signatures on a check. Previous work on s...
متن کاملResearch on RBAC - based Separation of Duty Constraints
Separation of duty (SOD) is an important characteristic in the role-based access control (RBAC) system. In view of some issues such as various variations of SOD constraints (SODs), ambiguous relations among constraint states, this paper formally defines several typical SODs and analyzes the transition relations among different SODs states. In combination with a delegation case, it goes an explo...
متن کاملObligations and Permissions
4 Utterances and statements concerning obligations and permissions are 5 known as deontic expressions. They can present something of a challenge 6 when it comes to formulating their meaning and behaviour. The content 7 of these expressions can appear to support entailment relations similar to 8 those of classical propositions, but such behaviour can sometimes lead to 9 counter-intuitive outcome...
متن کاملConflict analysis as a means of enforcing static separation of duty requirements in workflow environments
The increasing reliance on information technology to support business processes has emphasised the need for information security mechanisms. This, however, has resulted in an ever-increasing workload in terms of security administration. Policy-based approaches have been proposed, promising to lighten the workload of security administrators. Separation of duty is one of the principles cited as a...
متن کاملSeparation of Duty in Role-based Environments
Separation of Duty is a principle that has a long history in computer security research. Many computing systems provide rudimentary support for this principle, but often the support is inconsistent with the way the principle is applied in non-computing environments. Furthermore, there appears to be no single accepted meaning of the term. We examine the ways in which Separation of Duty has been ...
متن کامل