A Modeling of Role Access Privileges for Separation of Duties


The Transactions of the Korea Information Processing Society (1994 ~ 2000), Vol. 5, No. 7, pp. 1801-1812, Jul. 1998
DOI: 10.3745/KIPSTE.1998.5.7.1801

Abstract

The MAC (Mandatory Access Control) and DAC (Discretionary Access Control) policies described for access control have been explored to prevent the unauthorized disclosure of classified information. RBAC (Role-Based Access Control) has received attention as an alternative for realizing the integrity of an organization's information assets in commercial environments. Separation of duty, which divides authority and responsibility according to the privileges performed, is a current research topic. With RBAC, when a user is assigned roles from mutually exclusive sets, the user must perform only those privileges that preserve the mutual exclusion property. Representing and assigning privileges for mutually exclusive roles poses some difficulties. In this paper, we examine the inheritance properties of roles under partial ordering relations and classify the forms of the role hierarchy. We examine the relationships between roles and privileges, and model object privileges to ordinary privileges using the properties of a directed acyclic graph. A Privilege Graph can provide flexibility in the representation and assignment of mutually exclusive privileges. We define separation of duty including mutually exclusive roles, propose safety properties, and show that the role management algorithms can enforce separation of duty.



Cite this article
[IEEE Style]
C. E. Hong and K. D. Kyoo, "A Modeling of Role Access Privileges for Separation of Duties," The Transactions of the Korea Information Processing Society (1994 ~ 2000), vol. 5, no. 7, pp. 1801-1812, 1998. DOI: 10.3745/KIPSTE.1998.5.7.1801.

[ACM Style]
Cheon Eun Hong and Kim Dong Kyoo. 1998. A Modeling of Role Access Privileges for Separation of Duties. The Transactions of the Korea Information Processing Society (1994 ~ 2000), 5, 7, (1998), 1801-1812. DOI: 10.3745/KIPSTE.1998.5.7.1801.