CFP last date
20 January 2025
Reseach Article

An Access Control Model for Web Services with Dynamic Separation of Duty Rules

by Hadiseh Seyyed Alipour, Mehdi Sabbari, Eslam Nazemi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 42 - Number 6
Year of Publication: 2012
Authors: Hadiseh Seyyed Alipour, Mehdi Sabbari, Eslam Nazemi
10.5120/5695-7469

Hadiseh Seyyed Alipour, Mehdi Sabbari, Eslam Nazemi . An Access Control Model for Web Services with Dynamic Separation of Duty Rules. International Journal of Computer Applications. 42, 6 ( March 2012), 6-13. DOI=10.5120/5695-7469

@article{ 10.5120/5695-7469,
author = { Hadiseh Seyyed Alipour, Mehdi Sabbari, Eslam Nazemi },
title = { An Access Control Model for Web Services with Dynamic Separation of Duty Rules },
journal = { International Journal of Computer Applications },
issue_date = { March 2012 },
volume = { 42 },
number = { 6 },
month = { March },
year = { 2012 },
issn = { 0975-8887 },
pages = { 6-13 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume42/number6/5695-7469/ },
doi = { 10.5120/5695-7469 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:30:57.748692+05:30
%A Hadiseh Seyyed Alipour
%A Mehdi Sabbari
%A Eslam Nazemi
%T An Access Control Model for Web Services with Dynamic Separation of Duty Rules
%J International Journal of Computer Applications
%@ 0975-8887
%V 42
%N 6
%P 6-13
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

One of the most significant difficulties with developing Service-Oriented Architecture (SOA) involves meeting its security challenges. Access control is an important security mechanism for organizations to protect their resources in collaborative environments and processes. In these processes, shared resources are often used and there are complex relationships between activities and users, so the definition and administration of different security levels (tasks, users, resources, etc. ) is necessary. Different access control models and mechanisms have been proposed in recent years. However, under the new collaborative paradigm based on Web services and workflow technologies, some specific access control requirements should be addressed to support the various processes. In this paper, an access control model is proposed that considers the necessary elements to represent authentication, authorization and access control aspects in SOA environment. One of the underlined issues in this model is Separation of Duty (SoD) policy, which is widely considered to be a fundamental security principle for prevention of fraud and errors in information security.

References
  1. Saltzer, J. H. , . Schroeder, M. D. , 1975. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9):1278-130.
  2. Anderson, A. and Lochhart, H. , 2005. SAML 2. 0 profile of XACML, OASIS Standard.
  3. Moses, T. and et al, 1 Feb 2005. eXtensible Access Control Markup Language(XACML) Version 2. 0, OASIS Standard
  4. Singhal, A. , Winograd, T. and Scarfone, K. , 2007. Guide to Secure Web Services, National Institute of Standards and Technology Special Publication.
  5. Yuan, E. and Tong, J. 2005. Attributed Based Access Control (ABAC) for Web Services, IEEE International Conference on Web Services (ICWS'05).
  6. Sandhu, R. S. and et al,1996. Role-Based Access Control Models, IEEE Computer, pp. 38-47.
  7. Ferraiolo, D. F. and Kuhn, D. R. , 1992. Role Based Access Control, 15th National Computer Security Conf. , pp: 554-563.
  8. National Institute of Standards and Technology, December2010. 2010 Economic Analysis of Role-Based Access Control, Final Report.
  9. Axiomatics white paper, 2009. Enforcing Segregation of Duties (SoD).
  10. Karp, A. H. and Li, J. 2010. Solving the Transitive Access Problem for the Services Oriented Architecture, IEEE International Conference on Availability, Reliability and Security, DOI 10. 1109/ARES,
  11. Tong, J. Apr. 2005. Attribute based access control: a new access control approach for service oriented architectures, Workshop on New Challenges for Access Control, Ottawa, Canada.
  12. Giblin, C. , Hada, S. , 2008. Towards Separation of Duties for Services, IBM Research Laboratory.
  13. The Institute of Internal Auditors: Glossary. Viewed 2008.
  14. National Institute of Standards and Technology (NIST), U. S. Department of Commerce, December, 2007. Recommended Security Controls for Federal Information Systems, NIST Special Publication 800-53.
  15. Goodner, M. Hondo, M. Nadalin, A. Mcintosh, M. Schmidt, D. 2007. Understanding WS-Federation. International Business Machines (IBM) Corporation and Microsoft Corporation publication . Location:http://msdn. microsoft. com/en-us/library/bb498017. aspx.
  16. Clark, D. , and Wilson, D. , April 1987. A comparison of commercial and military computer security policies. In IEEE Symposium on Security and Privacy, pages 184–194, Oakland.
Index Terms

Computer Science
Information Sciences

Keywords

Web Service Separation Of Duty Access Control rule Definition Authentication Authorization