Title: Role inheritance with object-based DSD

Authors: Muhammad Asif Habib

Addresses: FIM, Johannes Kepler University, Altenbergerstrasse 69, A-4040 Linz, Austria

Abstract: Role-based access control (RBAC) is an evolution in the field of access control. RBAC offers tight security of information and ease of management to implement. The focus of this paper is on some of the important factors in RBAC, i.e., dynamic separation of duty (DSD) which is implemented to avoid internal security threats and role inheritance. We discuss DSD from a different perspective, i.e., object-based dynamic separation of duty. Also, we discuss permission level inheritance from object perspective. Different problems and observations have been described regarding DSD with respect to formal definitions of DSD. Those observations and problems influenced us to go for updated definition of DSD. So, we propose a definition of DSD from different perspective and elaborate the importance of role inheritance. Different examples have been given regarding object-based DSD with different scenarios. We also describe the benefits of implementing the proposed definition of DSD.

Keywords: role-based access control; RBAC; role inheritance; object-based DSD; permission level inheritance; dynamic separation of duty; security.

DOI: 10.1504/IJITST.2011.039775

International Journal of Internet Technology and Secured Transactions, 2011 Vol.3 No.2, pp.149 - 160

Available online: 19 Apr 2011 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article