University of Kent - The UK's European University

University of Kent - Home

Gold award for Kent in Teaching Excellence Framework TEF

About
Planning and strategy
Strategy: Kent 2025

UK's European university

Annual review and reports

How we operate
Committees
Governance
Constitution

Regulations

Charity information

Modern Slavery Act Transparency Statement

People
Vice-Chancellor

Executive Group

Principal officers

Honorary graduates

Departments
Schools and faculties

Professional services

External services

Complete A-Z

More about Kent
Career Opportunities

Essential Kent

Eastern ARC

Regional impact

Community relations

Events and what's on
Full calendar

Undergraduate term dates

Gulbenkian
Research
Excellence at Kent
Latest research news

REF 2021

Research impact

Expertise

Publications

Public engagement

Departments/people
Find a Kent expert

Schools and faculties

Research Services

Innovation & Enterprise

Graduate School

Academic/research jobs

Research degrees
Search courses

Research degrees

How to apply

Postgraduate funding

Graduate school
Courses
Undergraduate courses
Search courses
How to apply
Fees and funding
Undergraduate courses 2023
Search courses
How to apply
Fees and funding
Study abroad
Go abroad

Postgraduate courses
Search courses

How to apply

Research degrees

Taught courses

Fees and funding

Part-time and short courses
Online prospectus

Summer schools

International
Foundation (IFP)
Pre-sessional English

Short-term programmes

Visit Kent
Open Days

Applicant Days

Informal visits

Kent around the world

Useful links
Accommodation

Fees and funding

Scholarships

Locations

Information for...
International students

Parents and family

Applicants

New students
Locations
UK locations
Canterbury

Medway
Tonbridge

Validated institutions

European centres
Brussels

Paris

Other locations
Exchanges with over 100 overseas universities
International
Courses
Study and work abroad

Double-degrees

Short-term study options

'International' courses

Erasmus exchanges

International students
Study at Kent

Application process

When you arrive

International Partnerships
Worldwide partnerships

International exchanges

Alumni groups/networks

Contacts
International Recruitment

International Partnerships

English & world languages

Strategy & reputation
International impact

World-leading research

UK's European university

Maps
International impact

International Research Impact

Campus locations
Business
International expertise
Business services

Collaborative projects
Consultancy
Facilities
Employability points

Courses
Undergraduate

Postgraduate

Part-time (undergraduate)

Executive education

Contacts
Careers & Employability Service

Innovation & Enterprise

Kent Business School

Conferences and functions

Sports centre and facilities
News
News Centre
Latest stories
Expert comment
Press office
Social media
RSS feeds

Students and staff
Student news
Staff news
Campus transport news
IT service alerts
Submit a story
Alumni
Lasting connections...
Alumni and friends

News

Events

Community

Alumni groups

Former staff

Useful links
Telephone Campaign

Congregations

Honorary graduates

Discount on fees

Alumni scholarships

Online giftshop
Giving
Major projects
Kent Law Campaign

Kent Opportunity Fund

Hong Kong & China Portal

Ways to give
Telephone Campaign

Online

By post or phone

Other options..

School of Computing

Search

School of Computing

Multi-Session Separation of Duties (MSoD) for RBAC

David W Chadwick, Wensheng Xu, Sassa Otenko, Romain Laborde, and Bassem Nasser

In First International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07), pages 182-196, Istanbul, Turkey, April 2007.

Abstract

Separation of duties (SoD) is a key security requirement for many business and information systems. Role Based Access Controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the assignment of all roles to users, whilst dynamic SoD policies assume that conflicts of interest can only arise during the simultaneous activation of a user's roles. Unfortunately neither of these assumptions hold true in dynamic virtual organisations (VOs), or in business processes that span multiple user sessions, or where users only partially disclose their roles at each session. In this paper we propose multi-session SoD (MSoD) policies for business processes which include multiple tasks enacted by multiple users over many user access control sessions. We explore the means to define MSoD policies in RBAC via multi-session mutually exclusive roles (MMER) and multi-session mutually exclusive privileges (MMEP). We propose an approach to expressing MSoD policies in XML and enforcing MSoD policies in a policy controlled RBAC infrastructure. Finally, we describe how we have implemented MSoD policies in the PERMIS Privilege Management Infrastructure

Download publication 471 kbytes (PDF)

Bibtex Record

@inproceedings{2529,
author = {David W Chadwick and Wensheng Xu and Sassa Otenko and Romain Laborde and Bassem Nasser},
title = {Multi-{S}ession {S}eparation of {D}uties ({MS}o{D}) for {RBAC}},
month = {April},
year = {2007},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {},
url = {http://www.cs.kent.ac.uk/pubs/2007/2529},
    publication_type = {inproceedings},
    submission_id = {4341_1179405490},
    booktitle = {First International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07)},
    address = {Istanbul, Turkey},
}

School of Computing, University of Kent, Canterbury, Kent, CT2 7NF

Enquiries: +44 (0)1227 824180 or contact us.

Last Updated: 21/03/2014

© University of Kent - Contact | Feedback | Legal | FOI | Cookies