Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives

CC
CSF
2011
2011 IEEE 24th Computer Security Foundations Symposium
Abstract - Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David Basin Articles by Samuel J. Burri Articles by Günter Karjoth

2011 IEEE 24th Computer Security Foundations Symposium

Cernay-la-Ville, France

June 27-June 29

ISBN: 978-0-7695-4365-9

	ASCII Text	x
	David Basin, Samuel J. Burri, Günter Karjoth, "Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives," Computer Security Foundations Symposium, IEEE, pp. 99-113, 2011 IEEE 24th Computer Security Foundations Symposium, 2011.

	BibTex	x
	@article{ 10.1109/CSF.2011.14, author = {David Basin and Samuel J. Burri and Günter Karjoth}, title = {Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives}, journal ={Computer Security Foundations Symposium, IEEE}, volume = {0}, year = {2011}, isbn = {978-0-7695-4365-9}, pages = {99-113}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSF.2011.14}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Symposium, IEEE TI - Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives SN - 978-0-7695-4365-9 SP99 EP113 A1 - David Basin, A1 - Samuel J. Burri, A1 - Günter Karjoth, PY - 2011 KW - Access control KW - authorization constraint KW - Separation of Duty KW - workflow VL - 0 JA - Computer Security Foundations Symposium, IEEE ER -

David Basin

Samuel J. Burri

Günter Karjoth

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSF.2011.14

Access control is fundamental in protecting information systems but it also poses an obstacle to achieving business objectives. We analyze this tradeoff and its avoidance in the context of systems modeled as workflows restricted by authorization constraints including those specifying Separation of Duty (SoD) and Binding of Duty (BoD).To begin with, we present a novel approach to scoping authorization constraints within workflows with loops and conditional execution. Afterwards, we consider enforcement's effects on business objectives. We identify the notion of obstruction, which generalizes deadlock within a system where access control is enforced, and we formulate the existence of an obstruction-free enforcement mechanism as a decision problem. We present lower and upper bounds for the complexity of this problem and also give an approximation algorithm that performs well when authorizations are equally distributed among users.

Index Terms:

Access control, authorization constraint, Separation of Duty, workflow

Citation:

David Basin, Samuel J. Burri, Günter Karjoth, "Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives," csf, pp.99-113, 2011 IEEE 24th Computer Security Foundations Symposium, 2011

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.