A framework for organisational control principles

Organisational control principles, such as those expressed in separation of duties, supervision, review and delegation, support the main business goals and activities of an organisation. Some of these principles have previously been described and analysed in the context of role- and policy-based distributed systems, but little has been done to place them in the more general organisational context they belong to, or to analyse the relationships between them. This paper presents a framework in which organisational control principles can be formally expressed and analysed using the Alloy specification language and its constraint analysis tools.
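The following Alloy model is an added illustration and not code from the paper. The signatures (User, Role, Permission, State), the conflict relation and the two delegation predicates are assumptions introduced here to show the kind of analysis the abstract describes: one control principle (static separation of duties) is stated as a predicate, a second (delegation) as a state transition, and the Alloy Analyzer is asked whether the second can violate the first.

```alloy
-- Added example (not from the paper): static separation of duty (SoD)
-- and delegation modelled in Alloy, with a check that unguarded
-- delegation can silently break SoD. All names are illustrative.

sig User, Role, Permission {}

-- A snapshot of the organisation's authorisation state.
sig State {
  assign    : User -> Role,        -- user-role assignment
  grant     : Role -> Permission,  -- role-permission assignment
  conflicts : Role -> Role         -- mutually exclusive role pairs
}

-- The conflict-of-interest relation is symmetric and irreflexive.
fact ConflictShape {
  all s : State {
    s.conflicts = ~(s.conflicts)
    no iden & s.conflicts
  }
}

-- Static SoD: no user is assigned two conflicting roles.
pred StaticSoD[s : State] {
  all u : User | no (u.(s.assign) -> u.(s.assign)) & s.conflicts
}

-- Unguarded delegation: `from` passes role r on to `to`.
pred Delegate[pre, post : State, from, to : User, r : Role] {
  r in from.(pre.assign)
  post.assign    = pre.assign + to -> r
  post.grant     = pre.grant
  post.conflicts = pre.conflicts
}

-- Guarded delegation: as above, but refused when `to` already holds
-- a role that conflicts with r.
pred SafeDelegate[pre, post : State, from, to : User, r : Role] {
  Delegate[pre, post, from, to, r]
  no (to.(pre.assign) -> r) & pre.conflicts
}

-- Expected to FAIL: the analyzer finds a state where SoD held,
-- a delegation happened, and SoD no longer holds.
assert DelegationPreservesSoD {
  all pre, post : State, from, to : User, r : Role |
    StaticSoD[pre] and Delegate[pre, post, from, to, r]
      implies StaticSoD[post]
}
check DelegationPreservesSoD for 4

-- Expected to find no counterexample within the scope.
assert SafeDelegationPreservesSoD {
  all pre, post : State, from, to : User, r : Role |
    StaticSoD[pre] and SafeDelegate[pre, post, from, to, r]
      implies StaticSoD[post]
}
check SafeDelegationPreservesSoD for 4

-- Exhibit a concrete SoD-respecting state in which a guarded
-- delegation is still possible.
run {
  some pre, post : State, a, b : User, r : Role |
    StaticSoD[pre] and SafeDelegate[pre, post, a, b, r]
} for 4
```

Load the model in the Alloy Analyzer and execute the two `check` commands. The first yields a counterexample in which `to` already holds a role conflicting with `r`, which is precisely the interaction between delegation and separation of duties that a framework of this kind is meant to expose; the second yields none. Alloy checks are bounded by the scope (here 4 atoms per signature), so the absence of a counterexample is evidence within that scope, not a proof for all sizes.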
