DocumentCode :
1804350
Title :
Specification and enforcement of separation-of-duty policies in role-base access control
Author :
Lu, Lianfeng ; Zhou, Jiaqing
Author_Institution :
Sch. of Math.-Phys. & Inf. Eng., Zhejiang Normal Univ., Jinhua, China
Volume :
4
fYear :
2011
fDate :
24-26 Dec. 2011
Firstpage :
2135
Lastpage :
2140
Abstract :
Separation-of-duty (SoD) is widely considered to be a fundamental principle to which role-based access control (RBAC) models and systems should adhere. In this paper, we formulate and study the fundamental problem of SoD policies in the context of RBAC systems. We give a set-based specification of SoD policies and the safety checking problem for SoD policies in the context of RBAC. We study the problem of determining whether a SoD policy is enforceable, and show that directly enforcing SoD policies in RBAC is intractable (coNP-complete). Moreover, indirectly enforcing SoD policies by using mutually exclusive role constraints is also intractable (NP-hard). Therefore, we reduce the safety checking problem for SoD to the SAT4J problem, which can be solved using available SAT solvers. The experiments show the validity and effectiveness of the SAT approach.
Keywords :
authorisation; computability; computational complexity; NP-hard problem; RBAC model; SAT solvers; SAT4J problem; coNP-complete problem; directly enforcing SoD policies; indirectly enforcing SoD policies; mutually exclusive role constraints; role-based access control; safety checking problem; separation of duty policy enforcement; separation of duty policy specification; set-based specification; Computers; RBAC; SAT4J; Separation of Duty;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4577-1586-0
Type :
conf
DOI :
10.1109/ICCSNT.2011.6182399
Filename :
6182399