DocumentCode
1806149
Title
History-based constraints for dynamic separation-of-duty policies in usage control
Author
Lu, Jianfeng ; Dewu Xu
Author_Institution
Sch. of Math.-Phys. & Inf. Eng., Zhejiang Normal Univ., Jinhua, China
Volume
4
fYear
2011
fDate
24-26 Dec. 2011
Firstpage
2438
Lastpage
2442
Abstract
Separation of Duty (SoD) is a widely used security principle to help prevent frauds in a business process. Recently presented usage control (UCON) has been considered as the next generation access control model. However, as a related and fundamental problem, the research of SoD policy in UCON has not been explored. In this paper, we give a formal definition of dynamic SoD (DSoD) policies, and show that checking whether a UCONA state satisfies a given DSoD policy is a coNP-complete problem; only two special cases can be checked in polynomial time. We propose the history-based constraints for enforcing DSoD policies in usage control. The key idea is to record each permission access request, and use these histories to make the decision when a new permission request is generated. This approach poses and answers fundamental questions related to enabling the use of constraints to support SoD policies in UCON.
Keywords
authorisation; business data processing; optimisation; polynomials; SoD; access control model; business process; coNP-complete problem; dynamic separation-of-duty policies; formal definition; history based constraints; polynomial time; security principle; usage control; Computers; dynamic separation of duty; history-based constraint; usage control;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location
Harbin
Print_ISBN
978-1-4577-1586-0
Type
conf
DOI
10.1109/ICCSNT.2011.6182463
Filename
6182463