Transaction control expressions for separation of duties
- 6 January 2003
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
We describe a model and notation for specifyingand enforcing aspects of integrity policies, particularlyseparation of duties. The key idea is to associate atransaction control expression with each informationobject. This expression constrains the transactionswhich can be applied to that object to occur in thespecified pattern. As operations are actually executedthe transaction control expression gets converted to ahistory. This history serves to enforce separation ofduties. We...Keywords
This publication has 10 references indexed in Scilit:
- Implementing commercial data integrity with secure capabilitiesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- The schematic protection modelJournal of the ACM, 1988
- The source of authority for commercial access controlComputer, 1988
- A Comparison of Commercial and Military Computer Security PoliciesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1987
- Access-Right ExpressionsACM Transactions on Programming Languages and Systems, 1983
- Security Policies and Security ModelsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1982
- An operation-control scheme for authorization in computer systemsInternational Journal of Parallel Programming, 1978
- The notions of consistency and predicate locks in a database systemCommunications of the ACM, 1976
- Protection in operating systemsCommunications of the ACM, 1976
- A large-scale interactive administrative systemIBM Systems Journal, 1971