Published: November 7, 1997
Author(s)
Richard Kuhn (NIST)
Conference
Name: Second ACM Workshop on Role-Based Access Control (RBAC '97)
Dates: 11/06/1997 - 11/07/1997
Location: Fairfax, Virginia, United States
Citation: Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC '97), pp. 23-30
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent that MLS system properties have. This paper explores some aspects of mutual exclusion of roles as a means of implementing separation of duty policies, including a safety property for separation of duty; relationships between different types of exclusion rules; properties of mutual exclusion for roles; constraints on the role hierarchy introduced by mutual exclusion rules; and necessary and sufficient conditions for the safety property to hold. Results have implications for implementing separation of duty controls through mutual exclusion of roles, and for comparing mutual exclusion with other means of implementing separation of duty policies.
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent...
See full abstract
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent that MLS system properties have. This paper explores some aspects of mutual exclusion of roles as a means of implementing separation of duty policies, including a safety property for separation of duty; relationships between different types of exclusion rules; properties of mutual exclusion for roles; constraints on the role hierarchy introduced by mutual exclusion rules; and necessary and sufficient conditions for the safety property to hold. Results have implications for implementing separation of duty controls through mutual exclusion of roles, and for comparing mutual exclusion with other means of implementing separation of duty policies.
Hide full abstract
Keywords
access control; RBAC; Role-Based Access Control; separation of duty
Control Families
None selected
