Separation of Duties in Computerized Information Systems
نویسنده
چکیده
We describe a novel general-purpose mechanism for enforcing separation of duties in computerized information systems. This mechanism of transaction control expressions has close similarities to traditional controls in manual paper-based systems. It has the great bene t of intuitive simplicity, in both concept and implementation.
منابع مشابه
Consistency Checks for Duties in Extended UML2 Activity Models
Process-aware information systems support the execution of business processes. In this context, organizations require the precise specification of security policies that govern the behavior of subjects in the systems. Obligation policies specify duties to be fulfilled by certain subjects. In organizational contexts, duties are often associated with a certain task in a business process. In this ...
متن کاملMethodologies for Access Control and their Interactions
We propose the use of process-based access-control methods in the construction of privacy systems in the present paper. Segregation of duties and least privilege are two key business principles that protect an organization’s valuable data and resources from deliberate or accidental information leak, or data corruption by staff. As a substantial amount of this information is stored on computer s...
متن کاملTransaction Control Expressions for Separation of Duties
We describe a model and notation for specifying and enforcing aspects of integrity policies, particularly separation of duties. The key idea is to associate a transaction control expression with each information object. This expression constrains the transactions which can be applied to that object to occur in the speci ed pattern. As operations are actually executed the transaction control exp...
متن کاملAttitudes and Knowledge of Hormozgan University of Medical Sciences Nurses Regarding the Implementation of Computerized Physician Order Entry
Introduction: Despite potential benefits of CPOE (Computerized Physician Order Entry) systems, recent studies have cast some doubts on their role in reducing errors. CPOE systems with poorly designed interfaces have proven to cause dissatisfaction and introduce new kinds of errors in the ordering process. The main objective of this study is to identify problems related to a CPOE medication syst...
متن کاملUNSPECIFIED Multi-session Separation of Duties (MSoD) for RBAC
Separation of duties (SoD) is a key security requirement for many business and information systems. Role Based Access Controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the assignment of all roles to users, whilst dynami...
متن کامل