{"title":"基于角色的职责分离约束的RSL99语言","authors":"Gail-Joon Ahn, R. Sandhu","doi":"10.1145/319171.319176","DOIUrl":null,"url":null,"abstract":"Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been Iittle work on specifying SOD policies in a systematic way. This paper describes a framework for specifying separation of duty and conflict of interest policies in role-based systems. To specify these policies, we need an appropriate language. We propose an intuitive formal language which uses system functions and sets as its basic elements. The semantics for this language is defined by its translation to a restricted form of first order predicate logic. We show how previously identified SOD properties can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Unlike much of the previous work, this paper deals with SOD in the presence of role hierarchies. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of SOD properties. *This work is partially supported by grants from the National Science Foundation and the National Security Agency at the Laboratory for Information Security Technology at George Mason University. All correspondence should be addressed to Ravi Sandhu, ISE Department, Mail Stop 4A4, George Mason University, Fairfax, VA 22030, saudhuQisse.gmu.edu, wwv.list.gmu.edu. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise. to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. RBAC ‘99 10199 Fairfax, VA, USA","PeriodicalId":355233,"journal":{"name":"ACM Workshop on Role-Based Access Control","volume":"81 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"150","resultStr":"{\"title\":\"The RSL99 language for role-based separation of duty constraints\",\"authors\":\"Gail-Joon Ahn, R. Sandhu\",\"doi\":\"10.1145/319171.319176\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been Iittle work on specifying SOD policies in a systematic way. This paper describes a framework for specifying separation of duty and conflict of interest policies in role-based systems. To specify these policies, we need an appropriate language. We propose an intuitive formal language which uses system functions and sets as its basic elements. The semantics for this language is defined by its translation to a restricted form of first order predicate logic. We show how previously identified SOD properties can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Unlike much of the previous work, this paper deals with SOD in the presence of role hierarchies. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of SOD properties. *This work is partially supported by grants from the National Science Foundation and the National Security Agency at the Laboratory for Information Security Technology at George Mason University. All correspondence should be addressed to Ravi Sandhu, ISE Department, Mail Stop 4A4, George Mason University, Fairfax, VA 22030, saudhuQisse.gmu.edu, wwv.list.gmu.edu. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise. to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. RBAC ‘99 10199 Fairfax, VA, USA\",\"PeriodicalId\":355233,\"journal\":{\"name\":\"ACM Workshop on Role-Based Access Control\",\"volume\":\"81 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1999-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"150\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Workshop on Role-Based Access Control\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/319171.319176\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Role-Based Access Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/319171.319176","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The RSL99 language for role-based separation of duty constraints
Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been Iittle work on specifying SOD policies in a systematic way. This paper describes a framework for specifying separation of duty and conflict of interest policies in role-based systems. To specify these policies, we need an appropriate language. We propose an intuitive formal language which uses system functions and sets as its basic elements. The semantics for this language is defined by its translation to a restricted form of first order predicate logic. We show how previously identified SOD properties can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Unlike much of the previous work, this paper deals with SOD in the presence of role hierarchies. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of SOD properties. *This work is partially supported by grants from the National Science Foundation and the National Security Agency at the Laboratory for Information Security Technology at George Mason University. All correspondence should be addressed to Ravi Sandhu, ISE Department, Mail Stop 4A4, George Mason University, Fairfax, VA 22030, saudhuQisse.gmu.edu, wwv.list.gmu.edu. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise. to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. RBAC ‘99 10199 Fairfax, VA, USA
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
