| Nyanchama, M., Osborn, S.: The role graph model and conflict of interest. TISSEC 2(1) (1999) 3--33 |
....of Duties To eliminate conflict of interest, the principle of separation of duties requires that an individual should not be allowed to perform all critical functions in a business transaction. We require that the specification model supports the following kinds of constraints as identified in [15, 13]. The notion of static separation of duty requires that two given roles should never be assigned to the same person or, in some cases, to persons related to each other. Another example in this category is user-user conflict, which disallows two particular users from being assigned to the same role. ....
Matunda Nyanchama and Sylvia Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, February 1999.
....Graph rules do not have to be mono-operational, and object creation is possible. Subject nodes chosen from a predefined finite set can be added to the system graph using the graph rules. The graph transformations do not have to be non-monotonic in the sense of [SS92]. There are other approaches [NO99, JT01] to the graphical representation of constraints in access control. The first defines a graphical model to combine role inheritance and separation of duty constraints. The second one uses a graphical model to express constraints based on set identification and set comparison. Neither paper deals ....
M. Nyanchama and S.L. Osborn. The Role Graph Model and Conflict of Interest. ACM Trans. of Info. and System Security, 1(2):3--33, 1999.
....rights, e.g. create subject, are trusted not to violate security properties. In RBAC (Role Based Access Control) [22], the safety of various role based constraints, such as separation of duties, has been analyzed with logical expressions using rule based systems [2] and graphical models [11, 17, 18]. In this paper, we present how finite state techniques, such as model checking, can be utilized for correctness verification in a role based collaboration model. The primary motivation of our approach is to use existing model checking tools to verify security requirements of CSCW systems during ....
M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. ACM Transactions on Information and System Security, 2(1):3--33, February 1999.
....supervisor to handle the verification of the details of a particularly complex invoice. What never happens is that the same purchasing officer verifies an invoice that he entered into the system, or that the same supervisor who verifies an invoice is permitted to authorize payment against it. Now [18, 2, 9, 16] claim that RBAC covers dynamic separation of duties. [1] cites [15] when formulating his security policies using RBAC, but for the object based case (which is needed here) he only covers static SOD. [7] even explicitly introduces an example like the above one, with a formalization using RBAC. ....
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, Feb. 1999.
....actions of ill-intentioned users can create financial or other damage to a company, it is common to identify combinations of operations which should not be authorised to a single user. Policies which deal with preventing fraud are called separation of duties policies. [Figure 4.1: Definitions of Separation of Duty, by Nyanchama and Osborn [NyOs 99].] 4.2.1 Taxonomy Although separation of duty is intuitively easy to understand, so far there is no systematic and comprehensive approach for applying the many variations of this principle in security models. Separation of duty (SoD) can be ....
M. Nyanchama, S.L. Osborn. The role graph model and conflict of interest. In ACM Transactions on Information and Systems Security, 2(1):3-33, February 1999.
....and activation semantics between every pair of roles in a hierarchy. Keywords: role based, access control, temporal hierarchy. 1 Introduction Role based access control (RBAC) has emerged as a promising alternative to traditional discretionary and mandatory access control (DAC and MAC) models [3, 7, 8, 9], which have some inherent limitations [10]. Several beneficial features, such as policy neutrality, support for least privilege, and efficient access control management, are associated with RBAC models [2, 9]. Such features make RBAC better suited for handling access control requirements of diverse ....
....not included in this paper because of the length restriction. The proofs can be easily constructed by using the transitivity of the hierarchical relations and considering all the cases of the rules. 5 Related Work Several researchers have addressed issues related to inheritance semantics in RBAC [3, 6, 7, 10]. However, none has addressed issues concerning the inheritance relation when temporal properties are introduced and when different types of hierarchical relations co-exist in a role hierarchy. We have used the separate notion of hierarchy using permission usage and role activation semantics ....
M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. ACM Transactions on Information and System Security, 2(1):3-33, 1999.
....terrorist activities. Whilst cyber terrorism may not lead to the same loss of life, it is a significant threat to critical computer systems, and any serious architecture proposing secure access control (and associated administration) must explicitly address it. Role Based Access Control (RBAC) [9, 11, 8] has become a popular methodology for controlling the access privileges users are permitted to acquire in a system; Section 2 provides a brief introduction to RBAC. The Opera Research Group at the University of Cambridge Computer Laboratory have developed the OASIS system [2] to extend RBAC to ....
Matunda Nyanchama and Sylvia Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security (TISSEC), 2(1):3--33, 1999.
....is assumed to be forbidden. 2.2 Constraints in RBAC The model described above can confer broad privileges on users, and occasionally this may not be desirable. Hence, we need a mechanism to fine-tune the model. For example, some instantiations of the model may cause conflicts of interest [17] in the form of incompatible privileges. The classic case occurs when a traveler who is claiming travel reimbursement ends up receiving the privilege to approve his/her own expense claim. This anomalous situation could result if the traveler's manager transfers to the traveler all the privileges ....
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, 1999.
....can be described in terms of: 1) entities: users, roles, and privileges, 2) relationships between these entities, and 3) constraints over these relationships. A meta model is displayed in Figure 1. This meta model is a representation of a graph based model presented by Nyanchama and Osborn in [19]. [Figure 1: Meta model (entities USER, GROUP, ROLE, PRIVILEGE; relationships CAN PLAY and HOLDS, N:N).] Users (U) represent individual users. Privileges (P) represent classes of rights to perform operations, tasks, access data and so on, possibly with explicit attributes. For example, travel approval(USS500) represents the ....
....former can also perform the latter. 2.1 Constraints The model described above can confer broad privileges on users, and occasionally this may not be desirable. Hence the need for a mechanism to fine-tune the model. For example, some instantiations of the model may cause conflicts of interest [19] in the form of incompatible privileges. The classic case occurs when a traveler who is claiming travel reimbursement ends up receiving the privilege to approve his/her own expense claim. Thus, constraints allow us to impose limitations on actual instantiations in a systematic manner, according ....
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3-33, 1999.
....to those resources for authorized users. There are a number of models of access control which aim to achieve this goal. Traditional models include discretionary access control (DAC) and mandatory access control (MAC) [19]. A promising alternative to these models is role based access control (RBAC) [5, 6, 13, 16], which allows the specification of access control policy in a way that maps naturally to an organization's structure. This approach brings advantages such as easier understanding of access control policies and scalable administration. Traditional access control models can easily be simulated in ....
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security (TISSEC), 2(1):3--33, 1999.
....separation of duty in role based environments. The two categories of separation of duties that they identify are strong (static) and weak (dynamic) exclusion. Gligor et al. [6] use the observations made in [5] for a more formal description of separation of duties characteristics. Nyanchama et al. [7] introduce a taxonomy of types of conflict of interest in their role graph model. It puts emphasis on the different types of conflict of interest in the three planes of users, roles and permissions and the relations between and among them. 4.2 Role Hierarchies and their Impact on Separation of ....
Nyanchama M. and S. Osborn, "The role graph model and conflict of interest." Transactions on Information Systems Security, vol. 2, pp. 3--33, 1999.
....of duties, dual control, number of roles, role administration, inheritance, least privilege 1. INTRODUCTION Role based access control is a well defined research area, and there is an ongoing effort in the definition of a role based access control standard [1]. Broadly accepted models exist [2], [3], [4]. Research and commercial tools and applications have been developed to help with the engineering [5], [6] and management of roles [7]. However, research tools often work with minimal testing datasets, as no real figures for the number of users, roles and permissions in commercial systems have ....
....only the group needs to be assigned to a role and not each individual. The RBAC96 model does not allow for the assignment of groups to roles. It explicitly states that the assignment of users to roles is a relationship between (individual) users and roles. However, other approaches to RBAC, e.g. [3] have recognised the value of using the group as a basis for the definition of roles. The concept of domains as described in [13] can be used to provide a mechanism for grouping users. 4. Conclusion 4.1 The FUB System We have provided a case study of an access control system in a major European ....
Nyanchama M. and S. Osborn, "The role graph model and conflict of interest." Transactions on Information Systems Security, vol. 2, pp. 3--33, 1999.
....allows for many Information Appliances to enumerate all modes of operation. If all modes of operation are enumerated, policy can be based on a specific role a user plays in a certain mode, rather than on the identity of the user. This leads to very fine-grained role based access control decisions [4, 52, 28, 12, 68]. For example, a user might be allowed to append to a certain database file on disk while performing a database transaction, but not be allowed to alter the file arbitrarily. This kind of fine-grained access control can be used to enforce a Clark-Wilson integrity policy [20], which relies on the ....
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, February 1999.
....This paper gives a formal definition of ARBAC99, motivates these enhancements and analyzes several subtle issues that arise in this context. 1 Introduction Role based access control (RBAC) is a promising access control technology for the modern computing environment (for recent literature, see [BFA99, GGF98, FBK99, NO99, SCFY96, San98, SBM99, ZSS99]). In RBAC, permissions are associated with roles, and users are assigned to appropriate roles, thereby acquiring the roles' permissions. This greatly simplifies management. Roles are created for various job functions in an organization, and users are assigned roles based on responsibilities and ....
Matunda Nyanchama and Sylvia Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1), February 1999.
....when we look at RBAC as illustrated in figure 3. In this case we have a multiplicity of security objectives. The ability to configure security objectives and policy is one of the main features of RBAC. There are a number of RBAC models that have been published [FK92, FCK95, FBK99, Gui95, NO95, NO99, RS98, SCFY96, San98a, TDH92, ZSS99]. They differ in details, but they all share some common characteristics. The RBAC96 model was the first comprehensive RBAC model to be published and has emerged as the best known and most authoritative model [SCFY96]. RBAC96 is very rich in the scope of ....
Matunda Nyanchama and Sylvia Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1), February 1999.
....in a group graph, are presented. The interaction between the group graph and the role graph model of Nyanchama and Osborn is shown. More complex models of users and their compatibility with the group graph model are discussed. 1. INTRODUCTION In our previous work on role based access control ([6]) we have shown how to provide a rich model for a role hierarchy, which we call a role graph. Roles collect privileges or permissions into a single entity which can help simplify the granting of permissions to users. Our model also includes a user group plane, on which we model collections of ....
....not contradictory, and can in fact co-exist easily. The group graph model is introduced in Section 2. Section 3 contains a discussion of using an object oriented model for users. A summary is given in Section 4. 2. THE GROUP GRAPH MODEL 2.1 Groups The role graph model of Nyanchama and Osborn [5, 6] separates users, roles and privileges into three separate planes: a user group plane, a role plane and a privileges plane. Considerable work has been reported on algorithms for manipulating roles and role graphs [5, 6] to model role-role relationships or role hierarchies [10]. The roles in a role ....
M. Nyanchama and S. L. Osborn. The role graph model and conflict of interest. ACM TISSEC, 2(1):3--33, 1999.
Nyanchama, M., Osborn, S.: The role graph model and conflict of interest. TISSEC 2(1) (1999) 3--33
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, 1999.
M. Nyanchama and S. Osborn. The role graph model and conflict of interest. TISSEC, 2(1):3--33, 1999.
Nyanchama, M. and Osborn, S. (1999). The role graph model and conflict of interest. Transactions on Information Systems Security, 2(1):3--33.
M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. Transactions on Information and System Security (TISSEC), 2(1):3 -- 33, 1999.
M. Nyanchama and S. Osborn, "The role graph model and conflict of interest," ACM Transactions on Information and System Security, vol. 2, pp. 3--33, Feb. 1999. ACM Press, New York, NY.
M. Nyanchama and S. Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security 2, 1 (1999) 3--33.
Nyanchama, M. and Osborn, S. 'The Role Graph Model and Conflict of Interest', ACM Transactions on Information and Systems Security, 2(1), pp. 3--33 (1999).