Int. J. of Internet Technology and Secured Transactions   »   2012 Vol.4, No.2/3

 

 

Title: Mutually exclusive permissions in RBAC

 

Authors: Muhammad Asif Habib; Qaisar Abbas

 

Addresses:
FIM, Johannes Kepler University, Altenbergerstraße 69, A-4040 Linz, Austria; Department of CS, National Textile University, Sheikhupura Road, Faisalabad (37610), Pakistan.
Department of CS, National Textile University, Sheikhupura Road, Faisalabad (37610), Pakistan

 

Abstract: Role-based access control (RBAC) always provides tight security of information and ease of management to security policy. There are certain constraints which make the information security tight. Separation of duty (SOD) in terms of mutual exclusion and role inheritance (RI) are some of those constraints which provide security of information and make the management of security policy easier. On one side after implementing separation of duty, we may able to get tight security but on the other side it can create complexity for the security administrator and the end users who use the system. Implementing mutual exclusion on the basis of roles reduces the authority of the RBAC user for which the user is authorised. In this paper, we describe the complexities and complications which can be faced after implementing separation of duty in terms of mutually exclusive roles (MER). We also describe the problems which can be faced if either the role inheritance is not implemented or implemented in an incomplete manner. We also propose a model to counter the problems.

 

Keywords: dynamic separation of duty; DSOD; mutually exclusive roles; MERs; conflict of interest; role inheritance; role-based access control; RBAC; mutually exclusive permissions; MEPs; information security.

 

DOI: 10.1504/IJITST.2012.047962

 

Int. J. of Internet Technology and Secured Transactions, 2012 Vol.4, No.2/3, pp.207 - 220

 

Submission date: 26 Sep 2011
Date of acceptance: 16 Mar 2012
Available online: 16 Jul 2012

 

 

Editors Full text accessAccess for SubscribersPurchase this articleComment on this article