Title :
Global Static Separation of Duty in Multi-domains
Author :
Ma, Xiaopu ; Li, Ruixuan ; Lu, Zhengding ; Lu, Jianfeng
Author_Institution :
Coll. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Separation of duty (SoD) is an important control principle in computer security. In the context of role-based access control, the static SoD (SSoD) policies can be enforced by statically mutually exclusive roles (SMER) constraints. This paper studies the problem of SSoD in multi-domains in the context of IRBAC model firstly. Then investigates a question related to multi-domains: the global SSoD (GSSoD) policy in order to satisfy the global requirements. It shows that directly enforce the problem is coNP-complete. Finally, enforcing GSSoD policies by the global statically mutually exclusive roles (GSMER) constraints in IRBAC model is given.
Keywords :
authorisation; computational complexity; IRBAC model; coNP-complete; computer security; global static separation of duty; global statically mutually exclusive roles constraints; role-based access control; Access control; Computer networks; Computer science; Computer security; Educational institutions; Electronic mail; Information security; Information technology; Permission; Protection; Separation of Duty; global static separation of duty; global statically mutually exclusive roles;
Conference_Titel :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
Electronic_ISBN :
978-1-4244-5068-8
DOI :
10.1109/MINES.2009.117
