
On mutually exclusive roles and separation-of-duty

Published: 01 May 2007

Abstract

Separation-of-duty (SoD) is widely considered to be a fundamental principle in computer security. A static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. Role-based access control (RBAC) is today's dominant access-control model. It is widely believed that one of RBAC's main strengths is that it enables the use of constraints to support policies, such as separation-of-duty. In the literature on RBAC, statically mutually exclusive roles (SMER) constraints are used to enforce SSoD policies. In this paper, we formulate and study fundamental computational problems related to the use of SMER constraints to enforce SSoD policies. We show that directly enforcing SSoD policies is intractable (coNP-complete), while checking whether an RBAC state satisfies a set of SMER constraints is efficient; however, verifying whether a given set of SMER constraints enforces an SSoD policy is also intractable (coNP-complete). We discuss the implications of these results. We show also how to generate SMER constraints that are as accurate as possible for enforcing an SSoD policy.
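The three problems the abstract contrasts, worked through on a small RBAC state, as an added example that is not code from the paper. It follows the paper's ssod<P, k> and smer<R, t> notation (a policy ssod<P, k> requires at least k users to jointly hold all permissions in P; a constraint smer<R, t> forbids any user from holding t or more of the roles in R). The users, roles, permissions and the two states are constructed for illustration, and the constraint generator handles only the k = 2 case and is my own construction, not the paper's general algorithm.

```python
from itertools import combinations

# Constructed toy RBAC state (my example, not from the paper).
# UA: user -> roles held; PA: role -> permissions granted by the role.
UA = {
    "alice": {"clerk"},
    "bob": {"approver"},
    "carol": {"auditor"},
}
PA = {
    "clerk": {"prepare_payment"},
    "approver": {"approve_payment"},
    "auditor": {"review_ledger"},
}
# The sensitive task: preparing and approving a payment must need two people.
POLICY = {"prepare_payment", "approve_payment"}   # ssod<POLICY, 2>

# A second state in which an administrator added a "manager" role that also
# carries approve_payment and gave it to alice.  The obvious pairwise SMER
# constraint is still satisfied, but alice can now complete the task alone.
PA2 = dict(PA, manager={"approve_payment"})
UA2 = dict(UA, alice={"clerk", "manager"})


def user_perms(ua, pa, user):
    """Permissions a user holds through all of her roles."""
    return set().union(*(pa.get(r, set()) for r in ua.get(user, set())))


def satisfies_ssod(ua, pa, perms, k):
    """Direct check of ssod<perms, k>: no group of fewer than k users may
    jointly hold every permission in perms.  Enumerating the candidate
    groups is exponential in k; this is the coNP-complete direct-enforcement
    problem from the abstract."""
    users = list(ua)
    for size in range(1, k):
        for group in combinations(users, size):
            held = set().union(*(user_perms(ua, pa, u) for u in group))
            if perms <= held:
                return False      # this small coalition can do the task alone
    return True


def satisfies_smer(ua, roles, t):
    """Check smer<roles, t>: no user is a member of t or more of roles.
    One pass over the user-role assignment, polynomial time."""
    return all(len(ua[u] & roles) < t for u in ua)


def all_smer_satisfied(ua, constraints):
    return all(satisfies_smer(ua, roles, t) for roles, t in constraints)


def minimal_role_covers(pa, perms):
    """Minimal sets of roles whose combined permissions include perms."""
    roles = [r for r in pa if pa[r] & perms]
    covers = []
    for size in range(1, len(roles) + 1):
        for group in combinations(roles, size):
            if any(c <= set(group) for c in covers):
                continue          # a strict subset already covers perms
            if set().union(*(pa[r] for r in group)) >= perms:
                covers.append(frozenset(group))
    return covers


def generate_smer_k2(pa, perms):
    """Illustrative generator for the k = 2 case only (my construction,
    not the paper's general algorithm): a single user completes the task
    iff her roles include some minimal cover R of perms, so emitting
    smer<R, |R|> for every minimal cover enforces ssod<perms, 2> exactly.
    A cover of size 1 yields smer<{r}, 1>: the policy cannot then be
    enforced without making r unassignable."""
    return [(cover, len(cover)) for cover in minimal_role_covers(pa, perms)]


if __name__ == "__main__":
    pair = {"clerk", "approver"}
    print("state 1 satisfies ssod:", satisfies_ssod(UA, PA, POLICY, 2))
    print("state 1 satisfies smer<{clerk,approver},2>:", satisfies_smer(UA, pair, 2))
    print("state 2 satisfies smer<{clerk,approver},2>:", satisfies_smer(UA2, pair, 2))
    print("state 2 satisfies ssod:", satisfies_ssod(UA2, PA2, POLICY, 2))
    generated = generate_smer_k2(PA2, POLICY)
    print("generated constraints:", [(sorted(r), t) for r, t in generated])
    print("state 2 satisfies generated:", all_smer_satisfied(UA2, generated))
```

The second state is the practical point: the hand-written constraint smer<{clerk, approver}, 2> looks at role names, not at the permissions behind them, so adding a second role that carries approve_payment silently defeats it while every SMER check still passes. Deciding whether a set of SMER constraints enforces a policy in all states, which the abstract reports as coNP-complete, is exactly the question that would have caught this; the k = 2 generator answers it for this special case by deriving the constraints from the permission assignment instead of guessing them.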

