Permission based implementation of Dynamic Separation of Duty (DSD) in Role based Access Control (RBAC)

2014 ◽  
Author(s):  
Muhammad Asif Habib ◽  
Nasir Mahmood ◽  
Muhammad Shahid ◽  
Muhammad Umar Aftab ◽  
Uzair Ahmad ◽  
...  
Keyword(s):  
Access Control ◽  
Role Based Access Control ◽  
Separation Of Duty ◽  
Role Based

An Access Control Framework for WS-BPEL processes

2010 ◽  
pp. 492-515
Author(s):  
Federica Paci ◽  
Elisa Bertino ◽  
Jason Crampton
Keyword(s):  
Access Control ◽  
Human Activities ◽  
Business Processes ◽  
Control Model ◽  
Role Based Access Control ◽  
Control Framework ◽  
New Type ◽  
Separation Of Duty ◽  
Role Based ◽  
Bpel Processes

Business processes –the next generation workflows- have attracted considerable research interest in the last fifteen years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Even if WS-BPEL has been developed to specify automated business processes that orchestrate activities of multiple Web services, there are many applications and situations requiring that people be considered as additional participants that can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interactions with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process and authorization constraints, such as separation of duty, on the execution of human activities. In this chapter, we address these deficiencies by introducing a new type of WS-BPEL activity to model human activities and by developing RBAC-WS-BPEL, a role based access control model for WS-BPEL and BPCL, a language to specify authorization constraints.

scholarly journals Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

2019 ◽  
Vol 11 (9) ◽  
pp. 201 ◽  
Author(s):  
Wei Sun ◽  
Shiwei Wei ◽  
Huaping Guo ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Approach ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Technology ◽  
Role Mining ◽  
Novel Method ◽  
Separation Of Duty ◽  
Role Based ◽  
The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

scholarly journals Reliability of separation of duty in ANSI standard role-based access control

2011 ◽  
Vol 18 (6) ◽  
pp. 1416-1424 ◽  
Author(s):  
M. Esna-Ashari ◽  
H.R. Rabiee ◽  
S.H. Mirian-Hosseinabadi
Keyword(s):  
Access Control ◽  
Role Based Access Control ◽  
Separation Of Duty ◽  
Role Based

scholarly journals Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model

Symmetry ◽  
2019 ◽  
Vol 11 (5) ◽  
pp. 669 ◽  
Author(s):  
Muhammad Umar Aftab ◽  
Zhiguang Qin ◽  
Negalign Wake Hundera ◽  
Oluwasanmi Ariyo ◽  
Zakria ◽  
...  
Keyword(s):  
Access Control ◽  
Dominant Role ◽  
Control Model ◽  
Role Based Access Control ◽  
Access Control Model ◽  
Least Privilege ◽  
Major Development ◽  
Separation Of Duty ◽  
Attribute Based Access Control ◽  
Role Based

A major development in the field of access control is the dominant role-based access control (RBAC) scheme. The fascination of RBAC lies in its enhanced security along with the concept of roles. In addition, attribute-based access control (ABAC) is added to the access control models, which is famous for its dynamic behavior. Separation of duty (SOD) is used for enforcing least privilege concept in RBAC and ABAC. Moreover, SOD is a powerful tool that is used to protect an organization from internal security attacks and threats. Different problems have been found in the implementation of SOD at the role level. This paper discusses that the implementation of SOD on the level of roles is not a good option. Therefore, this paper proposes a hybrid access control model to implement SOD on the basis of permissions. The first part of the proposed model is based on the addition of attributes with dynamic characteristics in the RBAC model, whereas the second part of the model implements the permission-based SOD in dynamic RBAC model. Moreover, in comparison with previous models, performance and feature analysis are performed to show the strength of dynamic RBAC model. This model improves the performance of the RBAC model in terms of time, dynamicity, and automatic permissions and roles assignment. At the same time, this model also reduces the administrator’s load and provides a flexible, dynamic, and secure access control model.

Sign in / Sign up

Export Citation Format

Share Document