On the formal definition of separation-of-duty policies and their composition

This paper formally defines a wide variety of separation-of-duty (SoD) properties, including the best known to date, and establishes their relationships within a formal model of role-based access control (RBAC). The formalism removes the ambiguities of informal definition and offers a wide choice of implementation strategies. We also explore the composability of SoD properties and policies under a simple criterion. We conclude that the practical implementation of SoD policies requires new methods and tools for security administration, even within applications that already support RBAC, such as most database management systems.
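To make the abstract's subject concrete, the following is an added illustration (not code from the paper) of three of the best-known SoD properties checked over a toy RBAC state: static SoD over user-role assignments, dynamic SoD over roles activated in a session, and object-based SoD over the history of operations performed on each object. The data model, the rule definitions and the treatment of composition as conjunction are assumptions made for this example; the paper's formal definitions and its composition criterion are not reproduced here.

```python
"""Toy checker for three well-known separation-of-duty (SoD) properties over a
simplified RBAC state. Added illustration; the data model and the rule
definitions are assumptions, not the paper's formal definitions."""
from dataclasses import dataclass, field


@dataclass
class RbacState:
    user_roles: dict                 # user -> set of assigned roles (UA relation)
    session_user: dict               # session id -> user owning the session
    session_roles: dict              # session id -> roles activated in that session
    history: list = field(default_factory=list)  # (user, operation, object) done so far


def static_sod(state, exclusive_roles):
    """Static SoD: no user may be *assigned* both roles of a mutually exclusive pair."""
    violations = []
    for user, roles in state.user_roles.items():
        for pair in exclusive_roles:
            if pair <= roles:
                violations.append(("static", user, tuple(sorted(pair))))
    return violations


def dynamic_sod(state, exclusive_roles):
    """Dynamic SoD: a user may hold both roles but may not *activate* both in one session."""
    violations = []
    for session, roles in state.session_roles.items():
        for pair in exclusive_roles:
            if pair <= roles:
                violations.append(("dynamic", state.session_user[session], tuple(sorted(pair))))
    return violations


def object_sod(state, conflicting_ops):
    """Object-based SoD: no single user performs two conflicting operations on one object.
    Needs an operation history, which plain RBAC does not keep."""
    ops_by_user_obj = {}
    for user, op, obj in state.history:
        ops_by_user_obj.setdefault((user, obj), set()).add(op)
    violations = []
    for (user, obj), ops in ops_by_user_obj.items():
        for pair in conflicting_ops:
            if pair <= ops:
                violations.append(("object", user, obj, tuple(sorted(pair))))
    return violations


def compose(*policies):
    """Compose policies as conjunction (assumption): the composite holds iff every
    component holds, so its violation list is the concatenation of the components'."""
    def composite(state):
        out = []
        for policy in policies:
            out.extend(policy(state))
        return out
    return composite


# Constructed sample data: one exclusive role pair and one conflicting operation pair.
EXCLUSIVE = [frozenset({"clerk", "approver"})]
CONFLICTING_OPS = [frozenset({"prepare", "approve"})]

SAMPLE = RbacState(
    user_roles={"alice": {"clerk", "approver"}, "bob": {"clerk"}, "carol": {"approver"}},
    session_user={"s1": "alice", "s2": "bob"},
    session_roles={"s1": {"clerk", "approver"}, "s2": {"clerk"}},
    history=[("bob", "prepare", "inv-1"), ("carol", "approve", "inv-1"),
             ("alice", "prepare", "inv-2"), ("alice", "approve", "inv-2")],
)

# The composite policy: all three properties must hold at once.
POLICY = compose(lambda s: static_sod(s, EXCLUSIVE),
                 lambda s: dynamic_sod(s, EXCLUSIVE),
                 lambda s: object_sod(s, CONFLICTING_OPS))

if __name__ == "__main__":
    for violation in POLICY(SAMPLE):
        print(violation)
```

Running it on the constructed state reports three violations, all by alice: she is assigned both exclusive roles, activates both in session s1, and both prepares and approves inv-2. The object-based check is the one to note in light of the abstract's conclusion: it cannot be evaluated from the user-role and role-permission relations alone and needs per-object operation history, which is the kind of additional administrative machinery an RBAC-only system does not supply.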
