Formal definition and implementation of business‐oriented SoD access control policy

Wang Xing‐fen (Management School, Harbin Institute of Technology, Harbin, China)
Li Yi‐jun (Management School, Harbin Institute of Technology, Harbin, China)

Information Management & Computer Security

ISSN: 0968-5227

Publication date: 1 December 2004

Abstract

Based on organizational task decomposition, an extensive role‐based access control (ERBAC) model is proposed in this paper. In ERBAC, the abstract concept of “permission” in RBAC96 is substituted by a set of “tasks”, mutual exclusion of basic business actions and mutual exclusion of roles are presented, and separation of duty (SoD) policy is defined formally. Furthermore, a method of identifying mutual exclusion of roles is described, and static SoD and dynamic SoD algorithms are discussed. This paper is significant for modeling and implementing business‐oriented SoD policy for information systems.

Keywords

Citation

Xing‐fen, W. and Yi‐jun, L. (2004), "Formal definition and implementation of business‐oriented SoD access control policy", Information Management & Computer Security, Vol. 12 No. 5, pp. 379-388. https://doi.org/10.1108/09685220410563351

Download as .RIS

Publisher

:

Emerald Group Publishing Limited

Copyright © 2004, Emerald Group Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.