{"title":"基于角色的业务流程的动态职责分离策略验证","authors":"Aashay Thipse, R. Hewett","doi":"10.1109/TPSD.2008.4562752","DOIUrl":null,"url":null,"abstract":"Separation of duty (SoD) is a widely used security principle to help prevent frauds in a business process. Though SoD has been studied by many researchers, most of them are concerned with specifications of various types of SoD constraints for policy enforcement. For large organizations that employ SoD policies, the ability to automatically verify if a given user-role assignment complies with SoD policies is of the great value for security management. This paper proposes an algorithm for constraint checking of simple dynamic SoD. Unlike most previous work that enforces SoD policy at run time (when roles are activated), our approach examines policy enforcement build-time (prior to run rime, i.e. when roles are assigned to users but not activated).","PeriodicalId":410786,"journal":{"name":"2008 IEEE Region 5 Conference","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Verification of Dynamic Separation of Duty Policy for Role-based Business Processes\",\"authors\":\"Aashay Thipse, R. Hewett\",\"doi\":\"10.1109/TPSD.2008.4562752\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Separation of duty (SoD) is a widely used security principle to help prevent frauds in a business process. Though SoD has been studied by many researchers, most of them are concerned with specifications of various types of SoD constraints for policy enforcement. For large organizations that employ SoD policies, the ability to automatically verify if a given user-role assignment complies with SoD policies is of the great value for security management. This paper proposes an algorithm for constraint checking of simple dynamic SoD. Unlike most previous work that enforces SoD policy at run time (when roles are activated), our approach examines policy enforcement build-time (prior to run rime, i.e. when roles are assigned to users but not activated).\",\"PeriodicalId\":410786,\"journal\":{\"name\":\"2008 IEEE Region 5 Conference\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 IEEE Region 5 Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TPSD.2008.4562752\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE Region 5 Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TPSD.2008.4562752","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Verification of Dynamic Separation of Duty Policy for Role-based Business Processes
Separation of duty (SoD) is a widely used security principle to help prevent frauds in a business process. Though SoD has been studied by many researchers, most of them are concerned with specifications of various types of SoD constraints for policy enforcement. For large organizations that employ SoD policies, the ability to automatically verify if a given user-role assignment complies with SoD policies is of the great value for security management. This paper proposes an algorithm for constraint checking of simple dynamic SoD. Unlike most previous work that enforces SoD policy at run time (when roles are activated), our approach examines policy enforcement build-time (prior to run rime, i.e. when roles are assigned to users but not activated).
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
