Sciweavers

SACMAT
2006
ACM

Constraint generation for separation of duty

13 years 9 months ago
Constraint generation for separation of duty
Separation of Duty (SoD) is widely recognized to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In Role-Based Access Control (RBAC), Statically Mutually Exclusive Role (SMER) constraints are used to enforce SSoD policies. This paper studies the problem of generating sets of constraints that (a) enforce a set of SSoD policies, (b) are compatible with the existing role hierarchy, and (c) are minimal in the sense that there is no other constraint set that is less restrictive and satisfies (a) and (b). Categories and Subject Descriptors D.4.6 [Operating Systems]: Security and Protection—Access controls; K.6.5 [Management of Computing and Information Systems]: Security and Protection General Terms Algorithms, Security Keywords role based access control, separation of duty, constraints
Hong Chen, Ninghui Li
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006
Where SACMAT
Authors Hong Chen, Ninghui Li
Comments (0)