On Mutually-Exclusive Roles and Separation of Duty

机译：互斥角色与职责分离

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Separation of Duty (SoD) is widely considered to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In Role-Based Access Control (RBAC), Statically Mutually Exclusive Role (SMER) constraints are used to enforce SSoD policies. In this paper, we pose and answer fundamental questions related to the use of SMER constraints to enforce SSoD policies. We show that directly enforcing SSoD policies is intractable (coNP-complete), while checking whether an RBAC state satisfies a set of SMER constraints is efficient. Also, we show that verifying whether a given set of SMER constraints enforces an SSoD policy is intractable (coNP-complete) and discuss why this intractability result should not lead us to conclude that SMER constraints are not an appropriate mechanism for enforcing SSoD policies. We show also how to generate SMER constraints that are as accurate as possible for enforcing an SSoD policy.

机译：职责分离（SoD）被广泛认为是计算机安全性的基本原理。静态SoD（SSoD）策略指出，为了拥有完成敏感任务所需的所有权限，需要至少一定数量的用户的配合。在基于角色的访问控制（RBAC）中，静态互斥角色（SMER）约束用于实施SSoD策略。在本文中，我们提出并回答与使用SMER约束来实施SSoD策略有关的基本问题。我们显示，直接执行SSoD策略是难于完成的（coNP完整），同时检查RBAC状态是否满足一组SMER约束是有效的。此外，我们证明了验证给定的一组SMER约束是否强制实施SSoD策略是很棘手的（coNP完全），并讨论了为什么这种难解决的结果不应使我们得出结论，即SMER约束不是实施SSoD策略的适当机制。我们还将展示如何生成尽可能精确的SMER约束来实施SSoD策略。

著录项

来源
《Association for Computing Machinery(ACM) Conference on Computer and Communications Security(CS 2004); 20041025-29; Washington,DC(US)》|2004年|P.42-51|共10页
会议地点 WashingtonDC(US)
作者
Ninghui Li; Ziad Bizri; Mahesh V. Tripunitara;
展开▼
作者单位

Center for Education and Research in Information Assurance and Security and Department of Computer Sciences Purdue University 656 Oval Drive, West Lafayette, IN 47907;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;
关键词
role-based access control; separation of duty; constraints; verification;

机译：基于角色的访问控制;职责分离;约束;验证;

相似文献

外文文献
中文文献
专利

1. Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations [J] . Wei Sun, Shiwei Wei, Huaping Guo, Future Internet . 2019,第9期

机译：具有职责分离约束和授权安全检测的角色挖掘优化
2. Classification and formulation of Role-based Separation of Duty Constraints [J] . Marzieh Esna-Ashari, Hamid R. Rabiee Indian Journal of Science and Technology . 2010,第6期

机译：基于角色的职责分离的分类和表述
3. Separation of Duty and Context Constraints for Contextual Role-Based Access Control (C-RBAC) [J] . Muhammad Nabeel Tahir International Journal of Security (IJS) . 2009,第1期

机译：用于基于角色的上下文访问控制（C-RBAC）的职责和上下文约束分离
4. On mutually-exclusive roles and separation of duty [C] . Ninghui Li, Ziad Bizri, Mahesh V. Tripunitara ACM conference on Computer and communications security . 2004

机译：关于互斥角色和职责分离
5. Learning Online during Active Duty and after Separation: Gulf War Veterans' Experience [D] . Garvey, Kim V. 2017

机译：在职期间和分居后的在线学习：海湾战争退伍军人的经历
6. Stress radiographs for evaluating acromioclavicular joint separations in an active-duty patient population: What have we learned? [O] . K. Aaron Shaw, John Synovec, Josef Eichinger, 2018

机译：用于评估现役患者人群中肩锁关节分离的应力射线照相：我们学到了什么？
7. On mutually-exclusive roles and separation of duty [O] . Ninghui Li, Ziad Bizri, Mahesh V. Tripunitara 2004

机译：论互斥角色与职责分离

On Mutually-Exclusive Roles and Separation of Duty

摘要

著录项

相似文献

相关主题

期刊订阅