Dynamic Enforcement of Separation-of-Duty Policies

Author

Lu, Jianfeng ; Li, Ruixuan ; Lu, Zhengding ; Jin, Yanan

Author_Institution

Coll. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China

Volume

2

fYear

2009

fDate

18-20 Nov. 2009

Firstpage

394

Lastpage

397

Abstract

Separation-of-duty (SoD) policy is widely considered to be a fundamental security principle for prevention of fraud and errors in computer security. A static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In this paper, we study the problem of dynamic enforcement of SSoD policies in access control systems. We formally define the notion of an SSoD policy, and introduce the problem of dynamic safety checking problem (DSCP) which asks whether an access control state satisfies a given SSoD policy, and show that it is intractable (NP-complete) for directly enforcing SSoD policies in access control. Furthermore, we design and evaluate an improvement algorithm for solving DSCP.

Keywords

computational complexity; optimisation; security of data; NP-complete; access control; computer security; dynamic enforcement; dynamic safety checking problem; separation-of-duty policies; Bayesian methods; Computer networks; Costs; Decision making; Game theory; Information security; Information systems; Multimedia systems; Nash equilibrium; Protection; Separation-of-Duty; access control; computational complexity; dynamic enforcement;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia Information Networking and Security, 2009. MINES '09. International Conference on

Conference_Location

Hubei

Print_ISBN

978-0-7695-3843-3

Electronic_ISBN

978-1-4244-5068-8

Type

conf

DOI

10.1109/MINES.2009.102

Filename

5368259