DocumentCode :
2324584
Title :
A History-Based Constraint for Separation-of-Duty Policy in Role Based Access Control Model
Author :
Wang, Duoqiang ; Liu, Wengfang ; Lu, Jianfeng ; Ma, Xiaopu
Author_Institution :
Coll. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan
fYear :
2009
fDate :
23-24 May 2009
Firstpage :
1
Lastpage :
5
Abstract :
Separation-of-duty (SoD) is widely considered to be a fundamental principle in computer security. Role-based access control (RBAC) is today's dominant access control model, and supporting SoD policy is widely regarded as one of RBAC's main strengths. In this paper, we show that checking whether an RBAC state satisfies a given static SoD (SSoD) policy is a coNP-complete problem, and that using statically mutually exclusive roles (SMER) to enforce SSoD is usually computationally expensive, while enforcing SSoD policies by a history-based constraint is practicable. Our approach is focused on high-level SSoD policy, and the key idea is to record each permission access request. This history is maintained and processed by two different mechanisms based on two cases: one case is n=2 or m=n, the other case is 2<n<m. The history-based constraint, consisting of the two cases, addresses the goal of the high-level SSoD policy in the RBAC model.
Keywords :
authorisation; computational complexity; coNP-complete problem; computer security; history based constraint; role based access control model; separation-of-duty policy; statically mutually exclusive role; Access control; Computer industry; Computer science; Computer security; Educational institutions; Government; History; Industrial control; Permission; Qualifications;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
E-Business and Information System Security, 2009. EBISS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-2909-7
Electronic_ISBN :
978-1-4244-2910-3
Type :
conf
DOI :
10.1109/EBISS.2009.5137873
Filename :
5137873