A Formal Structure of Separation of Duty and Trust in Modelling Delegation Policy

Authors

  • Oloruntoba Samuel Ogundele Department of Computer Science, Federal University of Technology, Akure, Nigeria
  • O. S. Adewale Department of Computer Science, Federal University of Technology, Akure, Nigeria
  • B. K. Alese Department of Computer Science, Federal University of Technology, Akure, Nigeria
  • S. O. Falaki Department of Computer Science, Federal University of Technology, Akure, Nigeria

Abstract

There are considerable number of approaches to policy specification both for security management and policy driven network management purposes as reported in [20]. This specification sort security policies into two basic types: authorization and obligation policies. Most of the researches in security policies specification over the years focus on authorization policy modelling. In this paper, we report our approach in the design and Modelling of obligation Policy as delegation in information security by considering separation of duty and trust as pre-requisite conditions for delegation. The formal structures of the Delegation models developed was adapted from the Mathematical structures of Separation of duty (both Static and Dynamic SoD) in RBAC environment as described in [8] and [16]. Three factors of Properties, Experiences and Recommendation as described in [22] were used for the Trust Modelling. Future works proposed include the development of a formal model for revocation after delegation and integration of appropriate authorization policy with the model.

Downloads

Download data is not yet available.

References

[1] Barka E. and Sandhu R, “A Role-based Delegation Model and Some Extensions”, In proceedings of 16th Annual Computer Security Application Conference, pp. 168-176, 2000.
[2] Barka E. and Sandhu R, “Role-Based Delegation Model/Hierarchical Roles (RBDM1)”, In proceedings of the 20th Annual Computer Security Applications Conference (ACSAC’04), pp. 396-404, 2004
[3] Crampton J. and Khambhammettu H., “Delegation in Role-Based Access Control”, International Journal of Information Security, Vol. 7, No. 2, pp. 123-136, 2008.
[4] Chakraborty S. and Ray I., “Integrating Trust Relationships into the RBAC model for access control in open Systems”, In proceeding of the 11 th ACM Symposium on Access Control Models and Technologies, Pages 49-58, 2006.
[5] Clark D. D. and Wilson D. R., “A Comparison of Commercial and Military Computer Security Policies”, IEEE Symposium on Security and Privacy, Oakland, California, pp. 184-194. 1987
[6] Clark D. D., and D. R. Wilson, “Evolution of a Model for Computer Integrity,” in Report of the Invitational Workshop on Data Integrity, Z.G. Ruthberg and W.T. Polk (eds.), NIST Special Publication 500-168, Appendix A, 1989.
[7] Ferriaolo David, Cugini Janet, and Kuhn Richard., “Role-based access control (RBAC): Features and motivations”. In Proceedings of 11 th Annual Computer Security Application Conference, pages 241-48, New Orleans, LA, December 11-15 1995.
[8] Gligor V. D., Gavrila S. I., Ferraiolo D., “On the Formal Definition of Separation-of-Duty Policies and their Composition”, IEEE Symposium on Security and Privacy, 3-6 May 1998, Oakland, California.
[9] Gligor, V. D., S. I. Gavrila, and J. Cugini, “The RBAC Security Policy Model”, http://cspa09.ncsl.nist.gov/disk2/rbac/docs/model.ps. 1999.
[10] Hummel, A. A., K. Deinhart, S. Lorenz, V. D. Gligor, “Role-Based Security Administration”, Sicherheit in Informationsystemen (K. Bauknecht, D. Karagiannis, and S. Teufel (eds.)), vdf Hochschulverlag, ETH Zurich, pp. 69-92, March 1996.
[11] Josang A., “An Algebra for Assessing trust in Certification Chains”, In Proceedings of the Network and Distributed Systems Security Symposium, Australian. 1999.
[12] Josang A. and Bhuiyan T., “Optimal Trust Network Analysis with Subjective Logic”, In Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies. 2008.
[13] Josang A., “Artificial Reasoning with Subjective Logic”, In Proceedings of the 2 nd Australian Workshop on CommonSense Reasoning. 1997.
[14] Josang A, Gray E, and Kinateder M, “Simplification and Analysis of Transitive Trust Networks”, Web Intelligence and Agents Systems, 4 (2): 139 – 161, 2006.
[15] Ray I., Ray I, and Chakraborty S. (2009), “An Interoperable Context sensitive Model of Trust” Journal of Intelligent Information Systems, 32(1): 75 – 104. 2006
[16] Li Ninghui and Wang Qihua, “Beyond Separation of Duty: An Algebra for Specifying High level Security Policies”, CCS’06 (ACM), October 30–November 3, Alexandria, Virginia, USA. 2006.
[17] Nash M. J. and K. R. Poland, “Some Conundrums Concerning Separation of Duty” Proceeding of IEEE Symposium on Security and Privacy, Oakland, California, pp. 201-207. 1990.
[18] Ogundele O.S., “Design of a Multilevel Access Control Models based on Attributes, Separation of duty and Trust”. PhD Thesis. Federal University of Technology, Akure, Nigeria, 2011.
[19] Saltzer J.H. and Schroeder M.D., “The Protection of Information in Computer Systems”, Proceedings of the IEEE 63(9): 1278 – 1308, 1975
[20] Sloman M. and Lupu E. C., “Security and management policy specification”. IEEE Network, Special Issue on Policy-Based Networking, 16(2):10–19, March/April 2002.
[21] Simon R. T., and Zurko M. E., “Separation of Duty in Role-Based Environments,” Proc. of Computer Security Foundations Workshop X, Rockport, Massachusetts, June 1997
[22] Toahchoodee M., Xie X., and Ray I., “Towards Trustworthy Delegation in Role Based Access Control Model”, In Proceedings of ISC 2009 Conference, Pg 379 –394, Pisa, Italy, 2009
[23] Ye Chunxiao and Wu Zhongfu and Fu Yunqing, “An Attribute-Based Delegation Model and Its Extension”, Journal of Research and Practice in Information Technology Vol. 38, No. 1, 2006.
[24] Zhang, X.W., Oh, S. And Sandhu, R. S., “PBDM: A flexible delegation model in RBAC”. Proceedings of the 8 th ACM Symposium on Access Control Models and Technologies (SACMAT’03). Como, Italy, 2003.

Downloads

Published

2011-10-03

How to Cite

Ogundele, O. S., Adewale, O. S., Alese, B. K., & Falaki, S. O. (2011). A Formal Structure of Separation of Duty and Trust in Modelling Delegation Policy. Journal of Computer Science and Technology, 11(02), p. 100–107. Retrieved from https://journal.info.unlp.edu.ar/JCST/article/view/675

Issue

Section

Original Articles