Int. J. Internet Technology and Secured Transactions, Vol. 3, No. 2, 2011

Copyright © 2011 Inderscience Enterprises Ltd.

Role inheritance with object-based DSD

Muhammad Asif Habib
FIM, Johannes Kepler University, Altenbergerstraße 69, A-4040 Linz, Austria
E-mail: habib@fim.uni-linz.ac.at

Abstract: Role-based access control (RBAC) is an evolution in the field of access control. RBAC offers tight security of information and ease of management to implement. The focus of this paper is on two important factors in RBAC, namely dynamic separation of duty (DSD), which is implemented to avoid internal security threats, and role inheritance. We discuss DSD from a different perspective, i.e., object-based dynamic separation of duty. We also discuss permission level inheritance from an object perspective. We describe several problems and observations regarding DSD with respect to its formal definitions. Those observations and problems led us to propose an updated definition of DSD. So, we propose a definition of DSD from a different perspective and elaborate on the importance of role inheritance. Different examples are given of object-based DSD in different scenarios. We also describe the benefits of implementing the proposed definition of DSD.

Keywords: role-based access control; RBAC; role inheritance; object-based DSD; permission level inheritance.

Reference to this paper should be made as follows: Habib, M.A. (2011) ‘Role inheritance with object-based DSD’, Int. J. Internet Technology and Secured Transactions, Vol. 3, No. 2, pp.149–160.

Biographical notes: Muhammad Asif Habib received his MSc in Computer Science from the University of Punjab Lahore, Pakistan in 2004. He joined a research group at FIM, Johannes Kepler University Linz, Austria in February 2008. His major research interests are in the area of information and network security, particularly access control, privacy and grid securities.
1 Introduction

The success of a business depends on its ability to protect its valuable information and data, which are the most precious assets of any organisation. Organisations demand foolproof security for their data and information, and they also demand that business tasks still execute effectively once a security policy has been implemented. They do not want their business processes to be disturbed by a security policy, and they do not want a policy whose implementation delays the execution of business processes or slows down business tasks. So, organisations demand systems that are secure as well as efficient.