Enforcing separation of duty in attribute based access control systems

Sadhana Jha; Shamik Sural; Vijayalakshmi Atluri; Jaideep Vaidya

doi:10.1007/978-3-319-26961-0_5

Enforcing separation of duty in attribute based access control systems

Sadhana Jha, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya

Rutgers Business School, Management & Information Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Scopus citations

Abstract

Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control (ABAC) can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty (SoD) is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it.Experiments on a wide range of data sets show encouraging results.

Original language	English (US)
Title of host publication	Information Systems Security - 11th International Conference, ICISS 2015, Proceedings
Editors	Sushil Jajodia, Chandan Mazumdar
Publisher	Springer Verlag
Pages	61-78
Number of pages	18
ISBN (Print)	9783319269603
DOIs	https://doi.org/10.1007/978-3-319-26961-0_5
State	Published - 2015
Event	11th International Conference on Information Systems Security, ICISS 2015 - Kolkata, India Duration: Dec 16 2015 → Dec 20 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9478
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	11th International Conference on Information Systems Security, ICISS 2015
Country/Territory	India
City	Kolkata
Period	12/16/15 → 12/20/15

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Keywords

Attribute based access control
Mutually exclusive policies
Policy enforcement
Separation of duty

Access to Document

10.1007/978-3-319-26961-0_5

Cite this

Jha, S., Sural, S., Atluri, V., & Vaidya, J. (2015). Enforcing separation of duty in attribute based access control systems. In S. Jajodia, & C. Mazumdar (Eds.), Information Systems Security - 11th International Conference, ICISS 2015, Proceedings (pp. 61-78). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9478). Springer Verlag. https://doi.org/10.1007/978-3-319-26961-0_5

Jha, Sadhana ; Sural, Shamik ; Atluri, Vijayalakshmi et al. / Enforcing separation of duty in attribute based access control systems. Information Systems Security - 11th International Conference, ICISS 2015, Proceedings. editor / Sushil Jajodia ; Chandan Mazumdar. Springer Verlag, 2015. pp. 61-78 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9872f08def4e4b898a8223e35b4b3fb8,

title = "Enforcing separation of duty in attribute based access control systems",

abstract = "Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control (ABAC) can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty (SoD) is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it.Experiments on a wide range of data sets show encouraging results.",

keywords = "Attribute based access control, Mutually exclusive policies, Policy enforcement, Separation of duty",

author = "Sadhana Jha and Shamik Sural and Vijayalakshmi Atluri and Jaideep Vaidya",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 11th International Conference on Information Systems Security, ICISS 2015 ; Conference date: 16-12-2015 Through 20-12-2015",

year = "2015",

doi = "10.1007/978-3-319-26961-0_5",

language = "English (US)",

isbn = "9783319269603",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "61--78",

editor = "Sushil Jajodia and Chandan Mazumdar",

booktitle = "Information Systems Security - 11th International Conference, ICISS 2015, Proceedings",

address = "Germany",

}

Jha, S, Sural, S, Atluri, V & Vaidya, J 2015, Enforcing separation of duty in attribute based access control systems. in S Jajodia & C Mazumdar (eds), Information Systems Security - 11th International Conference, ICISS 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9478, Springer Verlag, pp. 61-78, 11th International Conference on Information Systems Security, ICISS 2015, Kolkata, India, 12/16/15. https://doi.org/10.1007/978-3-319-26961-0_5

Enforcing separation of duty in attribute based access control systems. / Jha, Sadhana; Sural, Shamik; Atluri, Vijayalakshmi et al.

Information Systems Security - 11th International Conference, ICISS 2015, Proceedings. ed. / Sushil Jajodia; Chandan Mazumdar. Springer Verlag, 2015. p. 61-78 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9478).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Enforcing separation of duty in attribute based access control systems

AU - Jha, Sadhana

AU - Sural, Shamik

AU - Atluri, Vijayalakshmi

AU - Vaidya, Jaideep

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control (ABAC) can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty (SoD) is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it.Experiments on a wide range of data sets show encouraging results.

AB - Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control (ABAC) can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty (SoD) is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it.Experiments on a wide range of data sets show encouraging results.

KW - Attribute based access control

KW - Mutually exclusive policies

KW - Policy enforcement

KW - Separation of duty

UR - http://www.scopus.com/inward/record.url?scp=84951952558&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951952558&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-26961-0_5

DO - 10.1007/978-3-319-26961-0_5

M3 - Conference contribution

AN - SCOPUS:84951952558

SN - 9783319269603

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 61

EP - 78

BT - Information Systems Security - 11th International Conference, ICISS 2015, Proceedings

A2 - Jajodia, Sushil

A2 - Mazumdar, Chandan

PB - Springer Verlag

T2 - 11th International Conference on Information Systems Security, ICISS 2015

Y2 - 16 December 2015 through 20 December 2015

ER -

Jha S, Sural S, Atluri V , Vaidya J. Enforcing separation of duty in attribute based access control systems. In Jajodia S, Mazumdar C, editors, Information Systems Security - 11th International Conference, ICISS 2015, Proceedings. Springer Verlag. 2015. p. 61-78. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-26961-0_5

Enforcing separation of duty in attribute based access control systems

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this