Published version: PDF download (776kB). License: Creative Commons Attribution 4.0.
A Framework for Managing Separation of Duty Policies
Groll, Sebastian; Kern, Sascha; Fuchs, Ludwig and Pernul, Günther (2024). A Framework for Managing Separation of Duty Policies. In: ARES 2024: The 19th International Conference on Availability, Reliability and Security, July 30 - August 2, 2024, Vienna, Austria.
Date of publication of this fulltext: 09 Jan 2025 10:07
Conference or workshop item
DOI to cite this document: 10.5283/epub.74601
Abstract
Separation of Duty (SoD) is a fundamental principle in information security. Especially large and highly regulated companies have to manage a huge number of SoD policies. These policies need to be maintained in an ongoing effort in order to remain accurate and compliant with regulatory requirements. In this work we develop a framework for managing SoD policies that pays particular attention to policy comprehensibility. We conducted seven semi-structured interviews with SoD practitioners from large organizations in order to understand the requirements for managing and maintaining SoD policies. Drawing from the obtained insights, we developed a framework which includes the relevant stakeholders and tasks, as well as a policy structure that aims to simplify policy maintenance. We anchor the proposed policy structure in a generic IAM data model to ensure compatibility and flexibility with other IAM models. We then show by example how our approach can be enforced within Role-Based Access Control. Finally, we evaluate the proposed framework with a real-world IAM data set provided by a large finance company.
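The abstract mentions enforcing SoD policies within Role-Based Access Control. As an added illustration (this is not code from the paper, and it does not reproduce the paper's policy structure or framework), the following Python sketch shows the two checks a static SoD policy normally needs on top of a generic users-to-roles-to-permissions model: a preventive check at role-assignment time and a detective check over an existing user-role assignment, plus a role-level view of which role pairs are mutually exclusive under a policy. The user, role and permission names and the two policies are constructed for the example; a policy here is expressed as two permission sets that no single user may hold together, which is one common way to model static SoD, not necessarily the paper's.

```python
"""Static Separation-of-Duty checks over a minimal RBAC model (constructed example)."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class SoDPolicy:
    """Two permission sets that a single user must never hold together (hypothetical policy form)."""
    name: str
    left: frozenset
    right: frozenset

    def is_violated_by(self, perms):
        # Violated only if the user reaches at least one permission on each side.
        return bool(perms & self.left) and bool(perms & self.right)


class RBACModel:
    """Generic IAM data model: users -> roles -> permissions (hypothetical, not the paper's)."""

    def __init__(self, user_roles, role_perms):
        self.user_roles = {u: set(rs) for u, rs in user_roles.items()}
        self.role_perms = {r: set(ps) for r, ps in role_perms.items()}

    def effective_permissions(self, user):
        # Permissions reachable through every role the user holds.
        perms = set()
        for role in self.user_roles.get(user, set()):
            perms |= self.role_perms.get(role, set())
        return perms


def violating_users(model, policy):
    """Detective check: users whose current effective permissions violate the policy."""
    return sorted(u for u in model.user_roles
                  if policy.is_violated_by(model.effective_permissions(u)))


def check_assignment(model, policies, user, role):
    """Preventive check: names of policies that granting `role` to `user` would violate."""
    perms = model.effective_permissions(user) | model.role_perms.get(role, set())
    return [p.name for p in policies if p.is_violated_by(perms)]


def conflicting_role_pairs(model, policy):
    """Role-level view: pairs of roles whose combined permissions violate the policy."""
    pairs = []
    for a, b in combinations(sorted(model.role_perms), 2):
        if policy.is_violated_by(model.role_perms[a] | model.role_perms[b]):
            pairs.append((a, b))
    return pairs


# Constructed sample data: a small finance-style role model with one deliberate violation.
MODEL = RBACModel(
    user_roles={
        "alice": {"AP_Clerk"},
        "bob": {"AP_Manager"},
        "carol": {"AP_Clerk", "AP_Manager"},   # holds both sides of both policies
        "dave": {"Auditor"},
    },
    role_perms={
        "AP_Clerk": {"vendor.create", "invoice.enter"},
        "AP_Manager": {"invoice.approve", "payment.release"},
        "Auditor": {"ledger.read"},
    },
)

POLICIES = [
    SoDPolicy("P1", frozenset({"vendor.create"}), frozenset({"payment.release"})),
    SoDPolicy("P2", frozenset({"invoice.enter"}), frozenset({"invoice.approve"})),
]

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy.name, "violated by:", violating_users(MODEL, policy))
        print(policy.name, "mutually exclusive roles:", conflicting_role_pairs(MODEL, policy))
    print("grant AP_Manager to alice would violate:",
          check_assignment(MODEL, POLICIES, "alice", "AP_Manager"))
    print("grant AP_Manager to dave would violate:",
          check_assignment(MODEL, POLICIES, "dave", "AP_Manager"))
```

Evaluating the policy on effective permissions rather than on role names is the point of anchoring it in the data model: the same policy keeps working when roles are renamed or split, and a user who reaches both sides through two unrelated roles is still caught.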
Details
| Field | Value |
|---|---|
| Item type | Conference or workshop item (Paper) |
| Title of Book | Proceedings of the 19th International Conference on Availability, Reliability and Security |
| Page Range | pp. 1-10 |
| Date | 2024 |
| Institutions | Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul); Informatics and Data Science > Department Information Systems > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) |
| Identification Number | |
| Keywords | Separation of Duty, Identity and Access Management, Role-Based Access Control |
| Dewey Decimal Classification | 000 Computer science, information & general works > 004 Computer science |
| Status | Published |
| Refereed | Yes, this version has been refereed |
| Created at the University of Regensburg | Partially |
| URN of the UB Regensburg | urn:nbn:de:bvb:355-epub-746016 |
| Item ID | 74601 |