http://dx.doi.org/10.3745/KIPSTC.2004.11C.6.725

Permission-Based Separation of Duty Model on Role-Based Access Control  

Oh Se-Jong (Dankook University, Computer Science Major)
Abstract
Separation of Duty (SOD), together with delegation, is one of the important security principles in the access control area. The role-based access control model adopts the SOD principle, but it has some problems: the SOD concept is inconsistent with the role hierarchy, permissions that have no relation to SOD may be restricted, and delegation may violate SOD. We propose a permission-based SOD model on role-based access control. We establish SOD as a set of permissions instead of role-level SOD. Furthermore, we propose a principle of role activation. It solves the SOD problems of RBAC and supports easy implementation of SOD policy.
Keywords
Security; Access Control; Separation of Duty; Role; RBAC;