To read this content please select one of the options below:

Formal definition and implementation of business‐oriented SoD access control policy

Wang Xing‐fen (Management School, Harbin Institute of Technology, Harbin, China)
Li Yi‐jun (Management School, Harbin Institute of Technology, Harbin, China)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 December 2004

745

Abstract

Based on organizational task decomposition, an extensive role‐based access control (ERBAC) model is proposed in this paper. In ERBAC, the abstract concept of “permission” in RBAC96 is substituted by a set of “tasks”, mutual exclusion of basic business actions and mutual exclusion of roles are presented, and separation of duty (SoD) policy is defined formally. Furthermore, a method of identifying mutual exclusion of roles is described, and static SoD and dynamic SoD algorithms are discussed. This paper is significant for modeling and implementing business‐oriented SoD policy for information systems.

Keywords

Citation

Xing‐fen, W. and Yi‐jun, L. (2004), "Formal definition and implementation of business‐oriented SoD access control policy", Information Management & Computer Security, Vol. 12 No. 5, pp. 379-388. https://doi.org/10.1108/09685220410563351

Publisher

:

Emerald Group Publishing Limited

Copyright © 2004, Emerald Group Publishing Limited

Related articles