A provenance-based access control model for dynamic separation of duties | IEEE Conference Publication | IEEE Xplore

A provenance-based access control model for dynamic separation of duties


Abstract:

Dynamic Separation of Duties (DSOD) is a well-known and important concept in cyber security, which has been extensively studied in the literature. The published literatur...Show More

Abstract:

Dynamic Separation of Duties (DSOD) is a well-known and important concept in cyber security, which has been extensively studied in the literature. The published literature mostly assumes that necessary information for enabling DSOD constraints is readily available. As such, there has been little discussion on the tasks of capturing, storing, extracting, and utilizing necessary historical information. Since this information is often in the form of system events history, provenance data is naturally suitable as the source for DSOD-related information. Recently the notion of provenance-based access control (PBAC) has been formulated and a base PBAC model (PBACB) together with an underlying provenance data model has been formally specified [19], [22]. Unlike Role-based Access Control where DSOD is modeled as a constraint, PBACB directly maintains and utilizes the necessary information for DSOD enforcement. In this paper, we propose an enhanced model, PBACc, by extending both the provenance data model and the PBACB model to enforce various DSOD policy classes identified in the literature, and go beyond these to specify novel DSOD policy classes. A proof-of-concept prototype is implemented and evaluated to demonstrate the feasibility of our approach.
Date of Conference: 10-12 July 2013
Date Added to IEEE Xplore: 12 September 2013
Electronic ISBN:978-1-4673-5839-2
Conference Location: Tarragona, Spain

References

References is not available for this document.