The Center for Education and Research in Information Assurance and Security (CERIAS)

Dependencies and separation of duty constraints in GTRBAC

Author

James B.D. Joshi, Basit Shafiq, Arif Ghafoor, Elisa Bertino

Entry type

proceedings

Abstract

A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC's language constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. In this paper, we identify various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Such constraints allow specification of dynamically changing access control requirements that are typical in today's large systems. In addition to allowing specification of time, the constraints introduced here also allow expressing access control policies at a finer granularity. The inclusion of control flow dependency constraints allows defining much stricter dependency requirements that are typical in workflow types of applications.

Date

2003

Booktitle

Symposium on Access Control Models and Technologies. Proceedings of the eighth ACM symposium on Access control models and technologies

Key alpha

Bertino

Pages

51-64

Publisher

ACM

Affiliation

Purdue University

Publication Date

2003-00-00
