Separation of Duty administration
Authors
Abstract
Access control administration is a huge task. Administration tools should assist the administrator in ensuring that the access control requirements are met. One example of an access control requirement is Separation of Duty (SoD). SoD requirements specify that no single person may have sufficient authority to complete a business process unilaterally. The SoDA prototype administration tool has been developed to assist administrators with the administration of SoD requirements. It demonstrates how the specification of both Static and Dynamic SoD requirements can be done based on the “conflicting entities” paradigm. Static SoD requirements must be enforced in the administration environment. The SoDA prototype, therefore, enforces the specified static SoD requirements.
Similar resources
Conflict analysis as a means of enforcing static separation of duty requirements in workflow environments
The increasing reliance on information technology to support business processes has emphasised the need for information security mechanisms. This, however, has resulted in an ever-increasing workload in terms of security administration. Policy-based approaches have been proposed, promising to lighten the workload of security administrators. Separation of duty is one of the principles cited as a...
Separation of duties for access control enforcement in workflow environments
Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of separation of duty found in the requirement of two signatures on a check. Previous work on s...
On the Formal Definition of Separation-of-Duty Policies and their Composition
In this paper we define formally a wide variety of separation-of-duty (SoD) properties, which include the best known to date, and establish their relationships within a formal model of role-based access control (RBAC). The formalism helps remove all ambiguities of informal definition, and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and ...
Implementing Advanced RBAC Administration Functionality with USE1
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
Implementing Advanced RBAC Administration Functionality with USE
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
Journal title:
- South African Computer Journal
Volume 27, Issue
Pages -
Publication date 2001