The Incorporation of Control Principles into Access Control Policies

Separation of Duties: By partitioning critical transactions and assigning sub-tasks to different entities, we prevent any one person from performing the whole transaction, thus reducing the risk of any error or fraud.

Delegation: Delegation is an important part of any working organisation, since the main task of management is to get work done through the efforts of other people. Delegation of authority can be seen as a specialisation of tasks and responsibilities, through which a superior delegates or transmits pieces of authority downward in the organisational chain along with the obligation to perform specific duties.
