n South African Computer Journal - Conflict analysis as a means of enforcing static separation of duty requirements in workflow environments
|Article Title||Conflict analysis as a means of enforcing static separation of duty requirements in workflow environments|
|© Publisher:||South African Computer Society (SAICSIT)|
|Journal||South African Computer Journal|
|Author||S. Perelson and R.A. Botha|
|Publication Date||Nov 2000|
|Pages||212 - 216|
|Keyword(s)||Access control, Authorisation constraints, D.4.6, G.2.3, H.4.1, K.6.5, Separation of duty and Workflow|
The increasing reliance on information technology to support business processes has emphasised the need for information security mechanisms. This, however, has resulted in an ever-increasing workload in terms of security administration. Policy-based approaches have been proposed, promising to lighten the workload of security administrators. Separation of duty is one of the principles cited as a requirement when setting up these policy-based mechanisms. Different types of separation of duty policies exist. They can be categorised into policies that can be enforced at administration time, viz. static separation of duty requirements and policies that can be enforced only at execution time, viz. dynamic separation of duty requirements. This paper deals with specifying static separation of duty requirements in role-based workflow environments. It proposes a mathematical model based on the concept of "Sconflicting entities"T to express static separation of duty requirements. It provides a detailed explanation of the integrity checking that must take place at administration time to ensure that specified separation of duty requirements are honoured.
Article metrics loading...