Permission-Based Separation of Duty Model on Role-Based Access Control


The KIPS Transactions:PartC, Vol. 11, No. 6, pp. 725-730, Dec. 2004
10.3745/KIPSTC.2004.11.6.725,   PDF Download:

Abstract

Separation of Duty(SOD), with delegation, is one of important security principles in access control area. The role-based access control model adopts SOD principle, but it has some problems: SOD concept is inconsistent with role hierarchy, permissions that have no relation with SOD may be restricted, and delegation may violate SOD, We propose permission-based SOD model on role-based access control. We establishes SOD as a set of permissions instead of role level SOD. Furthermore we propose a principle of role activation. It solves SOD problems of RBAC and supports easy implementation of SOD policy.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
S. J. Oh, "Permission-Based Separation of Duty Model on Role-Based Access Control," The KIPS Transactions:PartC, vol. 11, no. 6, pp. 725-730, 2004. DOI: 10.3745/KIPSTC.2004.11.6.725.

[ACM Style]
Se Jong Oh. 2004. Permission-Based Separation of Duty Model on Role-Based Access Control. The KIPS Transactions:PartC, 11, 6, (2004), 725-730. DOI: 10.3745/KIPSTC.2004.11.6.725.