The RSL99 Language for Role-Based Separation of Duty Constraints

Gail Joon Ahn, Ravi Sandhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

84 Scopus citations

Abstract

Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been little work on specifying SOD policies in a systematic way. This paper describes a framework for specifying separation of duty and conflict of interest policies in role-based systems. To specify these policies, we need an appropriate language. We propose an intuitive formal language which uses system functions and sets as its basic elements. The semantics for this language is defined by its translation to a restricted form of first order predicate logic. We show how previously identified SOD properties can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Unlike much of the previous work, this paper deals with SOD in the presence of role hierarchies. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of SOD properties.

Original language: English (US)
Title of host publication: RBAC 1999 - Proceedings of the 4th ACM Workshop on Role-Based Access Control
Publisher: Association for Computing Machinery, Inc
Pages: 43-54
Number of pages: 12
ISBN (Electronic): 9781581131802
State: Published - 1999
Externally published: Yes
Event: 4th ACM Workshop on Role-Based Access Control, RBAC 1999 - Fairfax, United States
Duration: Oct 28 1999 to Oct 29 1999

Publication series

Name: RBAC 1999 - Proceedings of the 4th ACM Workshop on Role-Based Access Control

Conference

Conference: 4th ACM Workshop on Role-Based Access Control, RBAC 1999
Country/Territory: United States
City: Fairfax
Period: 10/28/99 to 10/29/99

ASJC Scopus subject areas

  • Software
