Separation of Duty (SoD) is widely considered to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In Role-Based Access Control (RBAC), Statically Mutually Exclusive Role (SMER) constraints are used to enforce SSoD policies. In this paper, we pose and answer fundamental questions related to the use of SMER constraints to enforce SSoD policies. We show that directly enforcing SSoD policies is intractable (coNP-complete), while checking whether an RBAC state satisfies a set of SMER constraints is efficient. Also, we show that verifying whether a given set of SMER constraints enforces an SSoD policy is intractable (coNP-complete) and discuss why this intractability result should not lead us to conclude that SMER constraints are not an appropriate mechanism for enforcing SSoD policies. We show also how to generate SMER constraints that are as accurate as possible for enforcing an SSoD policy.
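
The contrast the abstract draws between the two checks, as an added example that is not code from the paper. It assumes the t-out-of-m reading of a SMER constraint (no user holds t or more of the listed roles) and a k-user SSoD policy (no set of fewer than k users jointly holds all of the task's permissions); the flat role set, users, roles and permissions are constructed.

```python
from itertools import combinations

# Constructed RBAC state (assumption: flat roles, no role hierarchy).
PA = {"clerk": {"create_order"}, "manager": {"approve_order"},
      "accountant": {"issue_payment"}}
ROLES = list(PA)
TASK = {"create_order", "approve_order", "issue_payment"}
UA_OK = {"alice": ["clerk", "manager"], "bob": ["accountant"]}
UA_BAD = {**UA_OK, "carol": ["clerk", "manager", "accountant"]}

def user_perms(ua, pa, user):
    """All permissions a user holds through their roles."""
    return set().union(*(pa[r] for r in ua[user]))

def satisfies_smer(ua, roles, t):
    """smer<roles, t>: no user is in t or more of `roles`. One pass over UA."""
    roles = set(roles)
    return all(len(roles & set(rs)) < t for rs in ua.values())

def ssod_violation(ua, pa, perms, k):
    """ssod<perms, k>: return a smallest set of fewer than k users that jointly
    hold every permission in `perms`, or None if the state is safe.
    Direct check: enumerates user subsets, so cost grows exponentially with k."""
    perms = set(perms)
    # Users holding none of the task's permissions cannot help cover it.
    users = [u for u in ua if user_perms(ua, pa, u) & perms]
    for size in range(1, k):
        for group in combinations(users, size):
            held = set().union(*(user_perms(ua, pa, u) for u in group))
            if perms <= held:
                return set(group)
    return None

if __name__ == "__main__":
    for name, ua in (("UA_OK", UA_OK), ("UA_BAD", UA_BAD)):
        print(name, "smer t=3:", satisfies_smer(ua, ROLES, 3),
              "| ssod k=2 witness:", ssod_violation(ua, PA, TASK, 2),
              "| ssod k=3 witness:", ssod_violation(ua, PA, TASK, 3))
```

In `UA_OK` the SMER constraint with t=3 holds, yet a 3-user SSoD policy over the same task is violated by alice and bob together, so a SMER set only enforces the SSoD policy it was chosen to match.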