Research on RBAC-based Separation of Duty Constraints

Separation of duty (SOD) is an important characteristic in the role-based access control (RBAC) system. In view of some issues such as various variations of SOD constraints (SODs), ambiguous relations among constraint states, this paper formally defines several typical SODs and analyzes the transition relations among different SODs states. In combination with a delegation case, it goes an exploration and discussion on the SODs state transition issues, and proposes some corresponding solutions.

[1]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[2]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[3]  Ravi S. Sandhu,et al.  Framework for role-based delegation models , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[4]  Andreas Schaad Detecting conflicts in a role-based delegation model , 2001, Seventeenth Annual Computer Security Applications Conference.

[5]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[6]  Mary Ellen Zurko,et al.  Separation of duty in role-based environments , 1997, Proceedings 10th Computer Security Foundations Workshop.

[7]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[8]  Naresh K. Sinha,et al.  Control Systems , 1986 .

[9]  D. Richard Kuhn,et al.  Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems , 1997, RBAC '97.

[10]  SangYeob Na,et al.  Role delegation in role-based access control , 2000, RBAC '00.