Entry Basin:2012:DEA from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Basin:2012:DEA,
  author =       "David Basin and Samuel J. Burri and G{\"u}nter
                 Karjoth",
  title =        "Dynamic enforcement of abstract separation of duty
                 constraints",
  journal =      j-TISSEC,
  volume =       "15",
  number =       "3",
  pages =        "13:1--13:??",
  month =        nov,
  year =         "2012",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2382448.2382451",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Wed Nov 28 17:25:14 MST 2012",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Separation of Duties (SoD) aims at preventing fraud
                 and errors by distributing tasks and associated
                 authorizations among multiple users. Li and Wang [2008]
                 proposed an algebra (SoDA) for specifying SoD
                 requirements, which is both expressive in the
                 requirements it formalizes and abstract in that it is
                 not bound to a workflow model. In this article, we
                 bridge the gap between the specification of SoD
                 constraints modeled in SoDA and their enforcement in a
                 dynamic, service-oriented enterprise environment. We
                 proceed by generalizing SoDA's semantics to traces,
                 modeling workflow executions that satisfy the
                 respective SoDA terms. We then refine the set of traces
                 induced by a SoDA term to also account for a workflow's
                 control-flow and role-based authorizations. Our
                 formalization, which is based on the process algebra
                 CSP, supports the enforcement of SoD on general
                 workflows and handles changing role assignments during
                 workflow execution, addressing a well-known source of
                 fraud. The resulting CSP model serves as blueprint for
                 a distributed and loosely coupled architecture where
                 SoD enforcement is provisioned as a service. This
                 concept, which we call SoD as a Service, facilitates a
                 separation of concerns between business experts and
                 security professionals. As a result, integration and
                 configuration efforts are minimized and enterprises can
                 quickly adapt to organizational, regulatory, and
                 technological changes. We describe an implementation of
                 SoD as a Service, which combines commercial components
                 such as a workflow engine with newly developed
                 components such as an SoD enforcement monitor. To
                 evaluate our design decisions and to demonstrate the
                 feasibility of our approach, we present a case study of
                 a drug dispensation workflow deployed in a hospital.",
  acknowledgement = ack-nhfb,
  articleno =    "13",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries