Site menu:

July 2017
S M T W T F S
« Mar    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Recent Posts

Recent Comments

Technical Research Publications & Presentations

Fraud and Information Technology Audit

This presentation was made to the Nairobi (Kenya) Chapter of Information Systems Audit and Control Association (ISACA) in August 2009. In attendance were IT auditors and IT security professionals.

View the PDF version of the presentation.

Information Security & Risk Management

This presentation was made to the graduate students and faculty at the University of Nairobi, Kenya.

View the PDF version of the presentation.

The Role Graph Model and Conflict of Interest

MATUNDA NYANCHAMA and SYLVIA OSBORN

We describe in more detail than before the reference model for role-based access control introduced by Nyanchama and Osborn, and the role-graph model with its accompanying algorithms, which is one way of implementing role-role relationships. An alternative role insertion algorithm is added, and it is shown how the role creation policies of Fernandez et al. correspond to role addition algorithms in our model. We then use our reference model to provide a taxonomy for kinds of conflict. We then go on to consider in some detail privilege-privilege and role-role conflicts in conjunction with the role graph model. We show how role-role conflicts lead to a partitioning of the role graph into nonconflicting collections that can together be safely authorized to a given user. Finally, in an appendix, we present the role graph algorithms with additional logic to disallow roles that contain conflicting privileges.

Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection; access controls; K.6.5 [Management of Computing and Information Systems]: Security and Protection; G.2.2 [Discrete Mathematics]: Graph Theory, graph algorithms

General Terms: Algorithms, Management, Security Additional Key Words and Phrases: role-based security, role graphs, conflict of interest

view PDF