Title: Mitigating conflicts of interest by authorization policies
Authors: Nassr, Nezar
Steegmans, Eric
Issue Date: 8-Sep-2015
Publisher: ACM
Host Document: Proceedings of the 8th International Conference on Security of Information and Networks pages:118-126
Conference: International Conference on Security of Information and Networks edition:8 location:Sochi, Russian Federation date:September 08 - 10, 2015
Abstract: In many organizations, there are numerous business processes that involve sensitive tasks that may encourage corruption. Conflict of interest policies are defined in an organization to deter corruption before it can happen. Existing research generally focuses on separation of duties, yet lacks attention for the underpinning conflicts of interest. Moreover, separation of duty is only one particular kind of conflicts of interest. Other kinds do exist and must be resolved as well.

In this paper a novel approach is proposed to define conflict of interest policies and to facilitate their enforcement. Our work provides an expressive mechanism that can be applied for a wide range of conflicts of interest that go beyond separation of duty policies. Furthermore, we show how policies can be enforced in the context of the role-oriented access control model (ROAC), which we extend to provide a stronger basis for the enforcement of conflict of interest policies.
ISBN: 978-1-4503-3453-2
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section

Files in This Item:

There are no files associated with this item.

Request a copy


All items in Lirias are protected by copyright, with all rights reserved.