{"title":"Enforcement of Spatial Separation of Duty Constraint","authors":"Weihe Chen, Zhu Tang, Shiguang Ju","doi":"10.1109/ICYCS.2008.223","DOIUrl":null,"url":null,"abstract":"Securing access to data in location-based services and mobile applications poses interesting security requirements against spatially aware access control systems. In particular, the permissions assigned to users depend on their physical positions in a reference space. When a session is established in a spatial region by users, some spatial constraints related to this session will be triggered and control the session process during its life automatically. There are often multiple mutually exclusive spatial roles (MESR) constraints that can enforce the same spatial separation of duty policy (SSoD). Although the different MESR constraints can enforce the same effect on the same session, we have found that the different MESR constraints vary greatly in enforcement efficiency. The more precisely the MESR sets are defined for enforcing an SSoD policy, the less overhead the system suffers. In this paper, we argue that enforcement of SSoD policies is realized by specifying minimal MESR constraints. By comparing the different MESR constraints which can enforce the same SSoD, we conclude the minimal MESR constraints can avoid redundant restrictiveness effectively and enforce the SSoD policy precisely. 
We also present an algorithm that generates all minimal MESR constraints that are precise for enforcing one SSoD policy.","PeriodicalId":370660,"journal":{"name":"2008 The 9th International Conference for Young Computer Scientists","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 The 9th International Conference for Young Computer Scientists","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICYCS.2008.223","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Securing access to data in location-based services and mobile applications poses interesting security requirements against spatially aware access control systems. In particular, the permissions assigned to users depend on their physical positions in a reference space. When a session is established in a spatial region by users, some spatial constraints related to this session will be triggered and control the session process during its life automatically. There are often multiple mutually exclusive spatial roles (MESR) constraints that can enforce the same spatial separation of duty policy (SSoD). Although the different MESR constraints can enforce the same effect on the same session, we have found that the different MESR constraints vary greatly in enforcement efficiency. The more precisely the MESR sets are defined for enforcing an SSoD policy, the less overhead the system suffers. In this paper, we argue that enforcement of SSoD policies is realized by specifying minimal MESR constraints. By comparing the different MESR constraints which can enforce the same SSoD, we conclude the minimal MESR constraints can avoid redundant restrictiveness effectively and enforce the SSoD policy precisely. We also present an algorithm that generates all minimal MESR constraints that are precise for enforcing one SSoD policy.