Title :
Dynamic Enforcement of Separation-of-Duty Policies
Author :
Lu, Jianfeng ; Li, Ruixuan ; Lu, Zhengding ; Jin, Yanan
Author_Institution :
Coll. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Separation-of-duty (SoD) policy is widely considered to be a fundamental security principle for prevention of fraud and errors in computer security. A static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In this paper, we study the problem of dynamic enforcement of SSoD policies in access control systems. We formally define the notion of an SSoD policy, and introduce the problem of dynamic safety checking problem (DSCP) which asks whether an access control state satisfies a given SSoD policy, and show that it is intractable (NP-complete) for directly enforcing SSoD policies in access control. Furthermore, we design and evaluate an improvement algorithm for solving DSCP.
Keywords :
computational complexity; optimisation; security of data; NP-complete; access control; computer security; dynamic enforcement; dynamic safety checking problem; separation-of-duty policies; Bayesian methods; Computer networks; Costs; Decision making; Game theory; Information security; Information systems; Multimedia systems; Nash equilibrium; Protection; Separation-of-Duty; access control; computational complexity; dynamic enforcement;
Conference_Titel :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
Electronic_ISBN :
978-1-4244-5068-8
DOI :
10.1109/MINES.2009.102
