By Topic

Transaction control expressions for separation of duties

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Sandhu, R. ; Dept. of Comput. & Inf. Sci., Ohio State Univ., Columbus, OH, USA

The author describes a model and notation for specifying and enforcing aspects of integrity policies, particularly separation of duties. The key idea is to associate a transaction control expression with each information object. The transaction control expression constrains the pattern in which transactions can be executed on an object. As operations are actually executed the transaction control expressions gets converted to a history. This history serves to enforce separation of duties. Transient objects with a short lifetime are distinguished from persistent objects which are long-lived. Separation of duties is achieved by maintaining a complete history for transient objects but only a partial history for persistent objects. This is possible because of the system-enforced rule that transactions are executed on persistent objects only as a side effect of execution on transient objects

Published in:

Aerospace Computer Security Applications Conference, 1988., Fourth

Date of Conference:

12-16 Dec 1988