A Formal Structure of Separation of Duty and Trust in Modelling Delegation Policy
There are a considerable number of approaches to policy specification, both for security management and for policy-driven network management purposes, as reported in . This specification sorts security policies into two basic types: authorization and obligation policies. Most research on security policy specification over the years has focused on authorization policy modelling. In this paper, we report our approach to the design and modelling of obligation policy as delegation in information security, considering separation of duty and trust as prerequisite conditions for delegation. The formal structures of the delegation models developed were adapted from the mathematical structures of separation of duty (both static and dynamic SoD) in an RBAC environment as described in  and . Three factors (properties, experiences and recommendation) as described in  were used for the trust modelling. Proposed future work includes the development of a formal model for revocation after delegation and the integration of an appropriate authorization policy with the model.
 Barka E. and Sandhu R., “Role-Based Delegation Model/Hierarchical Roles (RBDM1)”, In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC’04), pp. 396-404, 2004.
 Crampton J. and Khambhammettu H., “Delegation in Role-Based Access Control”, International Journal of Information Security, Vol. 7, No. 2, pp. 123-136, 2008.
 Chakraborty S. and Ray I., “Integrating Trust Relationships into the RBAC model for access control in open Systems”, In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 49-58, 2006.
 Clark D. D. and Wilson D. R., “A Comparison of Commercial and Military Computer Security Policies”, IEEE Symposium on Security and Privacy, Oakland, California, pp. 184-194. 1987
 Clark D. D., and D. R. Wilson, “Evolution of a Model for Computer Integrity,” in Report of the Invitational Workshop on Data Integrity, Z.G. Ruthberg and W.T. Polk (eds.), NIST Special Publication 500-168, Appendix A, 1989.
 Ferraiolo David, Cugini Janet, and Kuhn Richard, “Role-based access control (RBAC): Features and motivations”, In Proceedings of 11th Annual Computer Security Application Conference, pp. 241-48, New Orleans, LA, December 11-15 1995.
 Gligor V. D., Gavrila S. I., Ferraiolo D., “On the Formal Definition of Separation-of-Duty Policies and their Composition”, IEEE Symposium on Security and Privacy, 3-6 May 1998, Oakland, California.
 Gligor, V. D., S. I. Gavrila, and J. Cugini, “The RBAC Security Policy Model”, http://cspa09.ncsl.nist.gov/disk2/rbac/docs/model.ps. 1999.
 Hummel, A. A., K. Deinhart, S. Lorenz, V. D. Gligor, “Role-Based Security Administration”, Sicherheit in Informationsystemen (K. Bauknecht, D. Karagiannis, and S. Teufel (eds.)), vdf Hochschulverlag, ETH Zurich, pp. 69-92, March 1996.
 Josang A., “An Algebra for Assessing trust in Certification Chains”, In Proceedings of the Network and Distributed Systems Security Symposium, Australian. 1999.
 Josang A. and Bhuiyan T., “Optimal Trust Network Analysis with Subjective Logic”, In Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies. 2008.
 Josang A., “Artificial Reasoning with Subjective Logic”, In Proceedings of the 2nd Australian Workshop on CommonSense Reasoning. 1997.
 Josang A, Gray E, and Kinateder M, “Simplification and Analysis of Transitive Trust Networks”, Web Intelligence and Agents Systems, 4 (2): 139 – 161, 2006.
 Ray I., Ray I, and Chakraborty S. (2009), “An Interoperable Context sensitive Model of Trust” Journal of Intelligent Information Systems, 32(1): 75 – 104. 2006
 Li Ninghui and Wang Qihua, “Beyond Separation of Duty: An Algebra for Specifying High level Security Policies”, CCS’06 (ACM), October 30–November 3, Alexandria, Virginia, USA. 2006.
 Nash M. J. and K. R. Poland, “Some Conundrums Concerning Separation of Duty” Proceeding of IEEE Symposium on Security and Privacy, Oakland, California, pp. 201-207. 1990.
 Ogundele O.S., “Design of a Multilevel Access Control Models based on Attributes, Separation of duty and Trust”. PhD Thesis. Federal University of Technology, Akure, Nigeria, 2011.
 Saltzer J.H. and Schroeder M.D., “The Protection of Information in Computer Systems”, Proceedings of the IEEE 63(9): 1278 – 1308, 1975
 Sloman M. and Lupu E. C., “Security and management policy specification”. IEEE Network, Special Issue on Policy-Based Networking, 16(2):10–19, March/April 2002.
 Simon R. T., and Zurko M. E., “Separation of Duty in Role-Based Environments,” Proc. of Computer Security Foundations Workshop X, Rockport, Massachusetts, June 1997
 Toahchoodee M., Xie X., and Ray I., “Towards Trustworthy Delegation in Role Based Access Control Model”, In Proceedings of ISC 2009 Conference, pp. 379-394, Pisa, Italy, 2009.
 Ye Chunxiao and Wu Zhongfu and Fu Yunqing, “An Attribute-Based Delegation Model and Its Extension”, Journal of Research and Practice in Information Technology Vol. 38, No. 1, 2006.
 Zhang, X.W., Oh, S. and Sandhu, R. S., “PBDM: A flexible delegation model in RBAC”. Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT’03). Como, Italy, 2003.