Combinatorial optimization: algorithms and complexity
Combinatorial optimization: algorithms and complexity
Proceedings of the 4th ACM conference on Computer and communications security
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Beyond separation of duty: an algebra for specifying high-level security policies
Proceedings of the 13th ACM conference on Computer and communications security
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Separation of duties as a service
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Dynamic enforcement of abstract separation of duty constraints
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
A high-level security policy states an overall safety requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. Recently, Li and Wang [6] proposed an algebra for specifying a wide range of high-level security policies with both qualification and quantity requirements on users who perform a task. In this paper, we study the problem of direct static enforcement of high-level security policies expressed in this algebra. We formally define the notion of a static safety policy, which requires that every set of users together having all permissions needed to complete a sensitive task must contain a subset that satisfies the corresponding security requirement expressed as a term in the algebra. The static safety checking problem asks whether an access control state satisfies a given high-level policy. We study several computational problems related to the static safety checking problem, and design and evaluate an algorithm for solving the problem.