Reliability of separation of duty in ANSI standard role-based access control

Abstract. ANSI RBAC is a standard that gives a consistent and uniform definition of Role-Based Access Control features and their functional specifications, ANSI (2004) [1]. We analyze the specifications of both static and dynamic separation of duty constraints in the ANSI RBAC standard and evaluate their reliability. We then suggest the improvements necessary to make them completely reliable.
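As an added illustration (not code from the paper), the following Python model enforces the two constraint kinds the abstract refers to as the ANSI standard defines them: a static (SSD) or dynamic (DSD) constraint is a pair (rs, n) with 2 <= n <= |rs|, SSD being checked when a user is assigned a role and DSD when a role is activated in a session. Role and user names are constructed for the example; the class and function names are my own.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Set, Tuple

# ANSI INCITS 359-2004 writes an SoD constraint as a pair (rs, n) with 2 <= n <= |rs|:
# SSD: no user may be assigned n or more roles of rs (enforced at AssignUser).
# DSD: no session may activate n or more roles of rs at once (enforced at AddActiveRole).
Constraint = Tuple[FrozenSet[str], int]

def make_constraint(rs: Iterable[str], n: int) -> Constraint:
    rs = frozenset(rs)
    if not 2 <= n <= len(rs):
        raise ValueError("ANSI requires 2 <= n <= |rs|")
    return rs, n

def violates(roles: Set[str], constraints: Set[Constraint]) -> bool:
    return any(len(roles & rs) >= n for rs, n in constraints)

@dataclass
class Rbac:
    ua: Dict[str, Set[str]] = field(default_factory=dict)                   # user -> assigned roles
    active: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)   # (user, session) -> active roles
    ssd: Set[Constraint] = field(default_factory=set)
    dsd: Set[Constraint] = field(default_factory=set)

    def add_ssd(self, rs: Iterable[str], n: int) -> None:
        c = make_constraint(rs, n)
        # A new SSD constraint must not already be violated by assignments in place.
        if any(violates(roles, {c}) for roles in self.ua.values()):
            raise ValueError("existing user assignment violates the new SSD constraint")
        self.ssd.add(c)

    def add_dsd(self, rs: Iterable[str], n: int) -> None:
        self.dsd.add(make_constraint(rs, n))

    def assign_user(self, user: str, role: str) -> bool:
        roles = self.ua.setdefault(user, set())
        if violates(roles | {role}, self.ssd):
            return False          # refused: the user would hold a conflicting role set
        roles.add(role)
        return True

    def add_active_role(self, user: str, sid: str, role: str) -> bool:
        if role not in self.ua.get(user, set()):
            return False          # role is not assigned to this user
        active = self.active.setdefault((user, sid), set())
        if violates(active | {role}, self.dsd):
            return False          # refused: the session would activate a conflicting role set
        active.add(role)
        return True
```

Note that a DSD constraint, as modelled here and in the standard, is scoped to a single session: the same user can activate the conflicting roles in two different sessions, which is exactly the kind of gap a reliability analysis of the constraints has to consider.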

[1] Vijayalakshmi Atluri, et al. Role-based Access Control, 1992.

[2] Ravi S. Sandhu, et al. Role-Based Access Control Models, 1996, Computer.

[3] Mary Ellen Zurko, et al. Separation of duty in role-based environments, 1997, Proceedings 10th Computer Security Foundations Workshop.

[4] Matt Bishop, et al. Computer Security: Art and Science, 2002.

[5] Jerome H. Saltzer, et al. The protection of information in computer systems, 1975, Proc. IEEE.

[6] David F. Ferraiolo, et al. On the formal definition of separation-of-duty policies and their composition, 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[7] Ravi S. Sandhu, et al. Separation of Duties in Computerized Information Systems, 1990, DBSec.

[8] Zhikun Zhang, et al. Analysis of Enhanced Separation of Duty in Role-Based Access Control Model, 2005.

[9] Gail-Joon Ahn, et al. Role-based authorization constraints specification, 2000, TSEC.

[10] Mohammad Reza Aref, et al. An Adaptive Secure Channel Coding Scheme for Data Transmission over LEO Satellite Channels, 2006.

[11] Gail-Joon Ahn, et al. The RSL99 language for role-based separation of duty constraints, 1999, RBAC '99.

[12] Hamid R. Rabiee, et al. Classification and formulation of Role-based Separation of Duty Constraints, 2010.

[13] Ramaswamy Chandramouli, et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms, 2001, ACM Trans. Inf. Syst. Secur..

[14] Elisa Bertino, et al. A Critique of the ANSI Standard on Role-Based Access Control, 2007, IEEE Security & Privacy.

[15] Peter J. Denning, et al. Data Security, 1979, CSUR.

[16] David D. Clark, et al. A Comparison of Commercial and Military Computer Security Policies, 1987, 1987 IEEE Symposium on Security and Privacy.

[17] Ravi S. Sandhu, et al. The NIST model for role-based access control: towards a unified standard, 2000, RBAC '00.

[18] Trent Jaeger, et al. Rebuttal to the NIST RBAC model proposal, 2000, RBAC '00.

[19] Hong Chen, et al. Constraint generation for separation of duty, 2006, SACMAT '06.