Title :
History-based constraints for dynamic separation-of-duty policies in usage control
Author :
Lu, Jianfeng ; Dewu Xu
Author_Institution :
Sch. of Math.-Phys. & Inf. Eng., Zhejiang Normal Univ., Jinhua, China
Abstract :
Separation of Duty (SoD) is a widely used security principle to help prevent frauds in a business process. Recently presented usage control (VeON) has been considered as the next generation access control model. However, as a related and fundamental problem, the research of SoD policy in VeON has not been explored. In this paper, we give a formal definition of dynamic SoD (DSoD) policies, and show that checking whether a VeONA state satisfies a given DSoD policy is a coNP-complete problem, only two special cases can be checked in polynomial time. We propose the history-based constraints for enforcing DSoD policies in usage control. The key idea is to record each permission access request, and use these histories to make the decision when a new permission request is generated. This approach poses and answers fundamental questions related to enable the use of constraints to support SoD policies in VeON.
Keywords :
authorisation; business data processing; optimisation; polynomials; SoD; access control model; business process; coNP-complete problem; dynamic separation-of-duty policies; formal definition; history based constraints; polynomial time; security principle; usage control; Computers; dynamic separation of duty; history-based constraint; usage control;
Conference_Titel :
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4577-1586-0
DOI :
10.1109/ICCSNT.2011.6182463
