An Enhanced Role-Based Access Control Model using Static Separation of Duty Concept

  • Yenmunkong, Burin (Faculty of Information Technology, and Research Center for Communications and Information Technology (ReCCIT), King Mongkut's Institute of Technology Ladkrabang) ;
  • Sathitwiriyawong, Chanboon (Faculty of Information Technology, and Research Center for Communications and Information Technology (ReCCIT), King Mongkut's Institute of Technology Ladkrabang)
  • 발행 : 2004.08.25

초록

This paper proposes a simple but practically useful model for preventing fraud of users called "ERBAC03". The new model consists of qualified mandatory and discretionary features for roles and locations, including the assignment of permissions for the appropriate roles and the assignment of roles for the appropriate locations. Moreover, a static separation of duty (SSoD) principle is applied to the new model for integrity requirements of security systems. The paper also explores some extensions of ERBAC03 including the new model using the SSoD concept from some experiments. The experimental results prove the efficiency improvement of the proposed model that can make benefits for large enterprises.

키워드