On mutually exclusive roles and separation-of-duty

Published: 01 May 2007

Abstract

Separation-of-duty (SoD) is widely considered to be a fundamental principle in computer security. A static SoD (SSoD) policy states that, in order to have all the permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. Role-based access control (RBAC) is today's dominant access-control model, and one of its widely cited strengths is that it supports constraints that can express policies such as separation-of-duty. In the RBAC literature, statically mutually exclusive roles (SMER) constraints are used to enforce SSoD policies. In this paper, we formulate and study fundamental computational problems related to the use of SMER constraints to enforce SSoD policies. We show that directly enforcing SSoD policies (checking whether an RBAC state satisfies an SSoD policy) is intractable (coNP-complete), while checking whether an RBAC state satisfies a set of SMER constraints is efficient; however, verifying whether a given set of SMER constraints enforces an SSoD policy is also intractable (coNP-complete). We discuss the implications of these results, and we show how to generate SMER constraints that are as accurate as possible for enforcing an SSoD policy.
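As an added illustration of the definitions the abstract relies on (example code written for this page, not code from the paper), the following Python models an RBAC state with a role hierarchy, checks a t-m SMER constraint in one pass over the users, and checks a k-n SSoD policy by exhaustive search over user sets. The users, roles and permissions are constructed sample data; the notation smer<roles, t> and ssod<perms, k> follows the paper's definitions (no user is authorized for t or more of the listed roles; no fewer than k users together hold all the listed permissions).

```python
from itertools import combinations
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Constructed sample RBAC state (hypothetical, not data from the article).
# UA: user -> roles assigned directly; PA: role -> permissions assigned directly;
# RH: role -> roles it is senior to (a senior role inherits junior permissions).
UA: Dict[str, Set[str]] = {
    "alice": {"Clerk"},
    "bob": {"Manager"},
    "carol": {"Auditor"},
}
PA: Dict[str, Set[str]] = {
    "Clerk": {"prepare_payment"},
    "Manager": {"approve_payment"},
    "Auditor": {"read_ledger"},
}
RH: Dict[str, Set[str]] = {}


def authorized_roles(user: str, ua: Dict[str, Set[str]],
                     rh: Dict[str, Set[str]]) -> Set[str]:
    """Roles the user holds directly or inherits through the hierarchy."""
    seen: Set[str] = set()
    stack = list(ua.get(user, set()))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(rh.get(r, set()))
    return seen


def authorized_perms(user: str, ua, pa, rh) -> Set[str]:
    """Union of the permissions of every role the user is authorized for."""
    perms: Set[str] = set()
    for r in authorized_roles(user, ua, rh):
        perms |= pa.get(r, set())
    return perms


def satisfies_smer(roles: FrozenSet[str], t: int, ua, rh) -> bool:
    """smer<roles, t>: no user is authorized for t or more of `roles`.
    One pass over the users, so polynomial in the size of the state."""
    return all(len(authorized_roles(u, ua, rh) & roles) < t for u in ua)


def ssod_violation(perms: FrozenSet[str], k: int, ua, pa, rh) -> Optional[Tuple[str, ...]]:
    """ssod<perms, k>: no set of fewer than k users may together hold all of `perms`.
    Returns a violating user set or None. Because a group's permissions only grow
    as users are added, it suffices to test sets of size min(k-1, |users|); that
    is still exponentially many sets in k, matching the coNP-hardness result."""
    user_perms = {u: authorized_perms(u, ua, pa, rh) for u in ua}
    size = min(k - 1, len(ua))
    for group in combinations(sorted(ua), size):
        covered: Set[str] = set().union(*(user_perms[u] for u in group))
        if perms <= covered:
            return group
    return None


def demo() -> Tuple[bool, bool, Optional[Tuple[str, ...]]]:
    """Two states under the same 2-2 SSoD policy and the same 2-2 SMER constraint."""
    ssod = (frozenset({"prepare_payment", "approve_payment"}), 2)
    smer = (frozenset({"Clerk", "Manager"}), 2)
    # State 1: the constraint holds and so does the policy.
    state1_ok = satisfies_smer(*smer, UA, RH) and ssod_violation(*ssod, UA, PA, RH) is None
    # State 2: an administrator adds a Treasurer role that carries both
    # permissions and assigns it to carol. The constraint still holds (carol
    # is in neither Clerk nor Manager) but one user now completes the task.
    ua2 = {u: set(rs) for u, rs in UA.items()}
    ua2["carol"].add("Treasurer")
    pa2 = dict(PA, Treasurer={"prepare_payment", "approve_payment"})
    state2_smer_ok = satisfies_smer(*smer, ua2, RH)
    state2_violation = ssod_violation(*ssod, ua2, pa2, RH)
    return state1_ok, state2_smer_ok, state2_violation


if __name__ == "__main__":
    print(demo())  # (True, True, ('carol',))
```

The second state in demo() is the caveat a practitioner should take away: the SMER constraint is still satisfied after a single role carrying both permissions is introduced, yet the policy is broken by one user, and no constraint on user-role membership repairs that short of forbidding the role entirely; the permission-to-role assignment itself has to change. Whether a set of SMER constraints actually enforces a policy therefore depends on the permission assignment, which is why the paper treats that verification as a separate (and coNP-complete) problem, and why a passing SMER check is not by itself evidence that the policy holds.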



Published In

ACM Transactions on Information and System Security, Volume 10, Issue 2 (May 2007), 144 pages.
ISSN: 1094-9224; EISSN: 1557-7406; issue DOI: 10.1145/1237500

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Role-based access control
  2. computational complexity
  3. constraints
  4. separation-of-duty
  5. verification

Cited By

  • (2025) Separation of Duty in Information Security. ACM Computing Surveys 57, 7, 1-35. doi:10.1145/3715959. Online: 20 Feb 2025.
  • (2024) MFC-RMA (Matrix Factorization and Constraints- Role Mining Algorithm): An Optimized Role Mining Algorithm. Symmetry 16, 8, article 1008. doi:10.3390/sym16081008. Online: 7 Aug 2024.
  • (2024) A Framework for Managing Separation of Duty Policies. Proceedings of the 19th International Conference on Availability, Reliability and Security, 1-10. doi:10.1145/3664476.3670912. Online: 30 Jul 2024.
  • (2024) An Efficient Verification Approach to Separation of Duty in Attribute-Based Access Control. IEEE Transactions on Knowledge and Data Engineering 36, 9, 4428-4442. doi:10.1109/TKDE.2024.3373562. Online: Sep 2024.
  • (2023) Dynamic Assignment of Roles and Users for Business Processes Under Security Requirements. IEEE Transactions on Industrial Informatics 19, 10, 10344-10355. doi:10.1109/TII.2023.3240568. Online: Oct 2023.
  • (2023) Enforcement of separation of duty constraints in attribute-based access control. Computers and Security 131. doi:10.1016/j.cose.2023.103294. Online: 1 Aug 2023.
  • (2022) P-Verifier. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 1647-1661. doi:10.1145/3548606.3560680. Online: 7 Nov 2022.
  • (2021) RMPlib: A Library of Benchmarks for the Role Mining Problem. Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, 3-13. doi:10.1145/3450569.3463566. Online: 11 Jun 2021.
  • (2021) A Multi-Disciplinary Perspective for Conducting Artificial Intelligence-enabled Privacy Analytics. ACM Transactions on Management Information Systems 12, 1, 1-18. doi:10.1145/3447507. Online: 17 Mar 2021.
  • (2021) Optimal Employee Recruitment in Organizations under Attribute-Based Access Control. ACM Transactions on Management Information Systems 12, 1, 1-24. doi:10.1145/3403950. Online: 12 Jan 2021.
