Home   >   CSC-OpenAccess Library   >    Manuscript Information
Separation of Duty and Context Constraints for Contextual Role-Based Access Control (C-RBAC)
Muhammad Nabeel Tahir
Pages - 16 - 26     |    Revised - 20-02-2009     |    Published - 15-03-2009
Volume - 3   Issue - 1    |    Publication Date - February 2009  Table of Contents
Separation of duty, Constraints, C-RBAC, Location Hierarchy Schemas.
This paper presents the separation of duty and context constraints of recently proposed Contextual Role-Based Access Control Model C-RBAC. Constraints in C-RBAC enabled the specification of a rich set of Separation of Duty (SoD) constraints over spatial purpose roles. In healthcare environment in which user roles are position and are purpose dependant, the notion of SoD is still meaningful and relevant to the concept of conflict of interest. SoD may be defined as Static Separation of Duty (SSoD) and Dynamic Separation of Duty (DSoD) depending on whether exclusive role constraints are evaluated against the user-role assignment set or against the set of roles activated in user’s session. In particular, the model is capable of expressing a wider range of constraints on spatial domains, location hierarchy schemas, location hierarchy instances, spatial purposes and spatial purpose roles.
1 Google Scholar 
2 ScientificCommons 
3 Academic Index 
4 CiteSeerX 
5 refSeek 
6 iSEEK 
7 Socol@r  
8 ResearchGATE 
9 Bielefeld Academic Search Engine (BASE) 
10 Scribd 
11 SlideShare 
13 PdfSR 
Bertino, E., Bonatti, P. A. and Ferrari, E. (2001). TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security, 4(3), 191–233.
Bertino, E., Catania, B., Damiani, M.L. and Persasca, P. (2005). GEO-RBAC: A Spatially AwareRBAC, 10th Symposium on Access Control Models and Technologies (SACMAT'05), Stockholm, Sweden, 29-37.
Fu, S., Xu, C. (2005). A Coordinated Spatio-Temporal Access Control Model for Mobile Computing in Coalition Environments. In Proceedings of 19th IEEE International Conference on Parallel and Distributed Processing, 289b-289b, Denver, CA, USA.
Hansen, F., Oleshchuk, V. (2003). Spatial role-based access control model for wireless networks. In Proceedings of 58th IEEE Vehicular Technology Conference (VTC’03), 2093-2097, Orlando, Florida.
Health Insurance Portability & Accountability Act [HIPAA] (1996). [Online]. Available: http://www.hipaa.org [2007, October 15].
Joshi, J. B. D., Bertino, E., Latif, U. and Ghafoor, A. (2005). A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering, 17(1), 4–23.
Joshi, J. B. D., Shafiq, B., Ghafoor, A. and Bertino, E. (2003). Dependencies and separation of duty constraints in GTRBAC. In Proceedings, ACM Symposium on Access Control Models and Technologies, 51–64.
Joshi, J.B.D., Bertino, E. and Ghafoor, A. (2002). Temporal Hierarchies and Inheritance Semantics for GTRBAC. In Seventh ACM Symposium on Access Control Models and Technologies (SACMAT02), Monterey, California, USA.
Mantoro, T. and Johnson, C. W. (2003). Location History in a Low-cost Context Awareness Environment. Workshop on ‘Wearable, Invisible, Context-Aware, Ambient, Pervasive and Ubiquitous Computing’, Australian Computer Science Communications, 21(6), Adelaide, Australia.
Personal Information Protection and Electronic Documents Act [PIPEDA] (2000). [Online]. Available: http://www.nymity.com/pipeda/ [2007, October 15].
PIPEDA: Personal Information Protection and Electronic Documents Act (2004), Department of Justice of Canada [Online]. Available: laws.justice.gc.ca/en/P-8.6/text.html [2006, December 13]
Protecting the Privacy of Patients' Health Information, Available: http://www.hhs.gov/news/facts/privacy.html [2007, June 28]
Ray, I. and Kumar, M. (2006). Towards a location-based mandatory access control model. Computers & Security, 25(1), 36-44.
Sidiroglou, S., Ioannidis, S., and Keromytis, A. D. (2006). Privacy as an operating system service. In Proceedings of the Workshop on Hot Topics in Security (HOTSEC), Vancouver, CA.
Suroop, C. and Joshi, J.B.D. (2005). LoT-RBAC: A Location and Time-Based RBAC Model. In Proceedings of 6th International Conference on Web Information Systems Engineering, LNCS 3806, 361-375, New York, USA.
Tahir, M. N. (2007). Contextual Role-Based Access Control. Ubiquitous Computing and Communication Journal, 2(3), 2007
U.S. Senate Committee on Banking, Housing, and Urban Affairs (1999). Information Regarding the Gramm-Leach-Bliley Act of 1999 [GLB Act]. [Online]. Available: http://banking.senate.gov/conf [2007, October 15].
Ying, C. S. (2006). Health Insurance Portability and Accountability Act (HIPAA)-compliant Privacy Access Control Model for Web Services. Master’s thesis, The Hong Kong University of Science and Technology, Hong Kong
Mr. Muhammad Nabeel Tahir
- Malaysia

View all special issues >>