On mutually-exclusive roles and separation of duty

@inproceedings{Li2004OnMR,
  title={On mutually-exclusive roles and separation of duty},
  author={Ninghui Li and Ziad Bizri and Mahesh V. Tripunitara},
  booktitle={CCS '04},
  year={2004}
}
Separation of Duty (SoD) is widely considered to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In Role-Based Access Control (RBAC), Statically Mutually Exclusive Role (SMER) constraints are used to enforce SSoD policies. In this paper, we pose and answer fundamental questions related to the use of SMER constraints… 

Constraint generation for separation of duty

TLDR
This paper studies the problem of generating sets of constraints that enforce a set of SSoD policies, are compatible with the existing role hierarchy, and are minimal in the sense that there is no other constraint set that is less restrictive and satisfies these criteria.

Static Enforcement of Static Separation-of-Duty Policies in Usage Control Authorization Models

TLDR
This paper formulates and studies the fundamental problem of static enforcement of static SoD (SSoD) policies in the context of UCONA, a sub-model of UCON that considers only authorizations, and shows how to generate the least restrictive SMEA constraints for enforcing SSoD policies in UCONA.

A History-Based Constraint for Separation-of-Duty Policy in Role Based Access Control Model

TLDR
It is shown that checking whether an RBAC state satisfies a given static SoD (SSoD) policy is a coNP-complete problem, and that using statically mutually exclusive roles (SMER) to enforce SSoD is usually computationally expensive, while enforcing SSoD policies by a history-based constraint is practicable.

Dynamic Enforcement of Separation-of-Duty Policies

TLDR
This paper formally defines the notion of an SSoD policy and introduces the dynamic safety checking problem (DSCP), which asks whether an access control state satisfies a given SSoD policy; it shows that directly enforcing SSoD policies in access control is intractable (NP-complete).

Specification and enforcement of separation-of-duty policies in role-base access control

  • Jianfeng Lu, J. Zhou
  • Computer Science
    Proceedings of 2011 International Conference on Computer Science and Network Technology
  • 2011
TLDR
The problem of determining whether an SoD policy is enforceable is studied, and it is shown that directly enforcing SoD policies in RBAC is intractable (coNP-complete) and that indirectly enforcing SoD policies by using mutually exclusive role constraints is also intractable (NP-hard).

Specification and Enforcement of Static Separation-of-Duty Policies in Usage Control

TLDR
A set-based specification scheme is given for static SoD policies in the recently presented usage control (UCON) model, and the least restrictive static mutually exclusive attribute (SMEA) constraints are generated to enforce SSoD policies.

Available Separation-of-Duty Policies in Access Control

TLDR
This paper combines a static SoD policy and an availability policy to introduce available static SoD (ASSoD) policies, which capture both the safety and availability properties, and presents the computational complexity of the satisfy checking problem for ASSoD policies.

The Authorization Policy Existence Problem

TLDR
This paper develops a new method of specifying constraints which subsumes much related work and allows a wider range of constraints to be specified, and analyzes the complexity of questions related to policy existence, where a positive answer means that an organization's objectives can be realized.

Separation of Duty in Role-Based Access Control Model through Fuzzy Relations

TLDR
This paper proposes a model to express the separation of duty policies in RBAC using the fuzzy set theory, and the concept of trustworthiness, which is fuzzy in nature, is used to express this model.

History-based constraints for dynamic separation-of-duty policies in usage control

  • Jianfeng Lu, Dewu Xu
  • Computer Science
    Proceedings of 2011 International Conference on Computer Science and Network Technology
  • 2011
TLDR
This paper gives a formal definition of dynamic SoD (DSoD) policies and shows that checking whether a UCONA state satisfies a given DSoD policy is a coNP-complete problem; only two special cases can be checked in polynomial time.
...

References

SHOWING 1-10 OF 53 REFERENCES

The RSL99 language for role-based separation of duty constraints

TLDR
A framework for specifying separation of duty and conflict of interest policies in role-based systems is described and an intuitive formal language which uses system functions and sets as its basic elements is proposed.

Separation of duties for access control enforcement in workflow environments

TLDR
This paper presents the "conflicting entities" administration paradigm for the specification of static and dynamic separation of duty requirements in the workflow environment, and argues that RBAC does not support the complex work processes often associated with separation of duty requirements, particularly with dynamic separation of duty.

Role-based authorization constraints specification

TLDR
An intuitive formal language for specifying role-based authorization constraints, named RCL 2000, is introduced, including its basic elements, syntax, and semantics, and it is shown that there are many alternate formulations of even the simplest SoD properties, with varying degrees of flexibility and assurance.

On the formal definition of separation-of-duty policies and their composition

TLDR
It is concluded that the practical implementation of SoD policies requires new methods and tools for security administration, even within applications that already support RBAC, such as most database management systems.

Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems

TLDR
This paper explores some aspects of mutual exclusion of roles as a means of implementing separation of duty policies, including a safety property for separation of duty; relationships between different types of exclusion rules; properties of mutual exclusion for roles; and constraints on the role hierarchy introduced by mutual exclusion rules.

An access control model for simplifying constraint expression

TLDR
This work proposes a new approach to expressing constraints with the following properties: an access control policy is expressed using a graphical model in which the nodes represent sets and the edges represent binary relationships on those sets, and constraints are expressed using a few simple set operators on graph nodes.

Specifying and enforcing constraints in role-based access control

TLDR
A combined specification and implementation model for a class of constraints that includes separation of duty constraints is presented, and a scalable role-based reference monitor that can be used to enforce constraints in an efficient manner is proposed.

Practical safety in flexible access control models

TLDR
By keeping the complexity of constraint expression in check, flexible access control models, such as role-based access control, may also be used for expressing access control policy for safety-critical systems.

A generalized temporal role-based access control model

TLDR
This work proposes a generalized temporal role-based access control (GTRBAC) model capable of expressing a wider range of temporal constraints and allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments.

Separation of duty in role-based environments

TLDR
The mechanisms to support separation of duty and roles in Adage, a general-purpose authorization language and toolkit, are discussed, and the notion of history-based separation of duty is added.
...