Role Mining in the Presence of Separation of Duty Constraints

2015 ◽  
pp. 98-117 ◽  
Author(s):  
Prasuna Sarana ◽  
Arindam Roy ◽  
Shamik Sural ◽  
Jaideep Vaidya ◽  
Vijayalakshmi Atluri
Keyword(s):  
Role Mining ◽  
Separation Of Duty

scholarly journals Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

2019 ◽  
Vol 11 (9) ◽  
pp. 201 ◽  
Author(s):  
Wei Sun ◽  
Shiwei Wei ◽  
Huaping Guo ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Approach ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Technology ◽  
Role Mining ◽  
Novel Method ◽  
Separation Of Duty ◽  
Role Based ◽  
The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

Hunting abnormal configurations for permission-sensitive role mining

2016 ◽  
Author(s):  
Lihua Yin ◽  
Liang Fang ◽  
Ben Niu ◽  
Binxing Fang ◽  
Fenghua Li
Keyword(s):  
Role Mining

An Access Control Framework for WS-BPEL processes

2010 ◽  
pp. 492-515
Author(s):  
Federica Paci ◽  
Elisa Bertino ◽  
Jason Crampton
Keyword(s):  
Access Control ◽  
Human Activities ◽  
Business Processes ◽  
Control Model ◽  
Role Based Access Control ◽  
Control Framework ◽  
New Type ◽  
Separation Of Duty ◽  
Role Based ◽  
Bpel Processes

Business processes –the next generation workflows- have attracted considerable research interest in the last fifteen years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Even if WS-BPEL has been developed to specify automated business processes that orchestrate activities of multiple Web services, there are many applications and situations requiring that people be considered as additional participants that can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interactions with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process and authorization constraints, such as separation of duty, on the execution of human activities. In this chapter, we address these deficiencies by introducing a new type of WS-BPEL activity to model human activities and by developing RBAC-WS-BPEL, a role based access control model for WS-BPEL and BPCL, a language to specify authorization constraints.

A Trustworthy Usage Control Enforcement Framework

2013 ◽  
Vol 5 (3) ◽  
pp. 34-49 ◽  
Author(s):  
Ricardo Neisse ◽  
Alexander Pretschner ◽  
Valentina Di Giacomo
Keyword(s):  
Operating System ◽  
Trusted Computing ◽  
Enterprise Service Bus ◽  
Computing Technology ◽  
Levels Of Abstraction ◽  
Usage Control ◽  
Design And Implementation ◽  
Separation Of Duty ◽  
Enforcement Mechanisms ◽  
Different Levels

Usage control policies specify restrictions on the handling of data after access has been granted. The authors present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it to two different levels of abstraction, those of the operating system and an enterprise service bus. This framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and technology implemented on the grounds of trusted computing technology that makes it possible to detect tampering with the infrastructure. The authors show how this framework can, among other things, be used to enforce separation-of-duty policies. The authors provide a performance analysis.

Sign in / Sign up

Export Citation Format

Share Document