Enforcing Separation of Duty in Attribute Based Access Control Systems

  • Conference paper
Information Systems Security (ICISS 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9478)

Abstract

Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control (ABAC) can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty (SoD) is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it. Experiments on a wide range of data sets show encouraging results.

Notes

  1. Null indicates that the value of the attribute is unknown.

  2. The other possible minimal sets are {\(p_{3}\), \(p_{6}\)} or {\(p_{4}\), \(p_{6}\)}.

Corresponding author

Correspondence to Shamik Sural.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Jha, S., Sural, S., Atluri, V., Vaidya, J. (2015). Enforcing Separation of Duty in Attribute Based Access Control Systems. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_5

  • DOI: https://doi.org/10.1007/978-3-319-26961-0_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26960-3

  • Online ISBN: 978-3-319-26961-0

  • eBook Packages: Computer Science (R0)
