

An Activity-Based Model for Separation of Duty

This paper offers several contributions for separation of duty (SoD) administration in role-based access control (RBAC) systems. We first introduce a new formal framework, based on a business perspective, where SoD constraints are analyzed by introducing the activity concept. This notion helps organizations define SoD constraints in terms of business requirements and reduces management complexity in large-scale RBAC systems. The model enables the definition of a wide taxonomy of conflict types. In particular, object-based SoD is introduced using the SoD domain concept, namely the set of data in which transaction conflicts may occur. Together with the formalization of the above properties, in this paper we also show the effectiveness of our proposal: we have applied the model to a large, existing organization; results highlight the benefits of adopting the proposed model in terms of reduced administration cost.
Added 10 Dec 2010
Updated 10 Dec 2010
Type Journal
Year 2008
Where CORR
Authors Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello