Integrated constraints and inheritance in DTAC

Jonathon E. Tidswell, Trent Jaeger

Research output: Contribution to conferencePaperpeer-review

16 Scopus citations

Abstract

Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.

Original languageEnglish (US)
Pages93-102
Number of pages10
DOIs
StatePublished - 2000
Event5th ACM Workshop on Role-Based Access Control (RBAC) - Berlin, Ger
Duration: Jul 26 2000Jul 27 2000

Conference

Conference5th ACM Workshop on Role-Based Access Control (RBAC)
CityBerlin, Ger
Period7/26/007/27/00

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'Integrated constraints and inheritance in DTAC'. Together they form a unique fingerprint.

Cite this