Separation-of-duty (SoD) is widely considered to be a fundamental principle in computer security. A static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. Role-based access control (RBAC) is today's dominant access-control model. It is widely believed that one of RBAC's main strengths is that it enables the use of constraints to support policies, such as separation-of-duty. In the literature on RBAC, statically mutually exclusive roles (SMER) constraints are used to enforce SSoD policies. In this paper, we formulate and study fundamental computational problems related to the use of SMER constraints to enforce SSoD policies. We show that directly enforcing SSoD policies is intractable (coNP-complete), while checking whether an RBAC state satisfies a set of SMER constraints is efficient; however, verifying whether a given set of SMER constraints enforces an SSoD policy is also intractable (coNP-complete). We discuss the implications of these results. We show also how to generate SMER constraints that are as accurate as possible for enforcing an SSoD policy.
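The contrast the abstract draws between checking an SSoD policy and checking SMER constraints, as an added example that is not code from the paper. It assumes the usual reading of the two notions (a k-n SSoD policy forbids any k-1 users from jointly holding all n permissions; a t-m SMER constraint forbids any single user from holding t or more of m roles), and the users, roles and permissions are constructed.

```python
from itertools import combinations

# Constructed RBAC state for illustration (not from the paper).
UA = {"alice": {"clerk", "approver"}, "bob": {"clerk"}, "carol": {"auditor"}}
PA = {"clerk": {"create_order"}, "approver": {"approve_order"},
      "auditor": {"issue_payment"}}

def user_perms(ua, pa, user):
    """All permissions a user holds through role membership."""
    return set().union(*(pa.get(r, set()) for r in ua[user]))

def satisfies_ssod(ua, pa, perms, k):
    """Assumed k-n SSoD semantics: no k-1 users jointly hold every permission in perms.
    Brute force over user subsets; cost grows combinatorially with k."""
    users = sorted(ua)
    size = min(k - 1, len(users))  # coverage is monotone, so the largest allowed size suffices
    for group in combinations(users, size):
        covered = set().union(*(user_perms(ua, pa, u) for u in group))
        if perms <= covered:
            return False, group  # witness: too few users can finish the task
    return True, None

def satisfies_smer(ua, roles, t):
    """Assumed t-m SMER semantics: no user belongs to t or more of the given roles.
    One pass over the user-role assignment."""
    violators = sorted(u for u, rs in ua.items() if len(rs & roles) >= t)
    return not violators, violators

def demo():
    task = {"create_order", "approve_order", "issue_payment"}
    roles = {"clerk", "approver", "auditor"}
    before = (satisfies_ssod(UA, PA, task, 3), satisfies_smer(UA, roles, 2))
    # Repaired state: move "approver" from alice to a new user dave.
    fixed = {**UA, "alice": {"clerk"}, "dave": {"approver"}}
    after = (satisfies_ssod(fixed, PA, task, 3), satisfies_smer(fixed, roles, 2))
    return before, after

if __name__ == "__main__":
    for label, (ssod, smer) in zip(("before", "after"), demo()):
        print(label, "SSoD:", ssod, "SMER:", smer)
```

In the repaired state the SMER check passes in a single pass over the assignments, and the subset search confirms that the SSoD policy holds as well.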