• DocumentCode
    517702
  • Title

    Available Separation-of-Duty Policies in Access Control

  • Author

    Wang, Baoping ; Zhao, Guang ; Liu, Jun ; Zhang, Xingang

  • Author_Institution
    Coll. of Comput. & Inf. Technol., Nanyang Normal Univ., Nanyang, China
  • Volume
    1
  • fYear
    2010
  • fDate
    24-25 April 2010
  • Firstpage
    290
  • Lastpage
    293
  • Abstract
    A separation-of-duty (SoD) policy requires a sensitive task to be performed by a set of users of size no less than some threshold. Such focus on safety properties probably stems from the fact that access control has been mostly viewed as a tool for restricting access. An equally important aspect of access control is the availability properties about enabling access. One example is an availability policy, which states that the cooperation of at most a certain number of users is required to successfully complete a task. In many situations, both safety and availability properties are required in the context of access control, though conflicts may arise due to their opposite focuses. In this paper, we combine a static SoD policy and an availability policy to introduce the available static SoD (ASSoD) policies to capture both the safety and availability properties. We present the computational complexity of the satisfaction checking problem of ASSoD policies, and show that it is intractable (both coNP-complete and NP-complete) to check whether an access control state satisfies an ASSoD policy. We also show that not all size-2 ASSoD policy sets are composable, and study the composition properties of ASSoD policies.
  • Keywords
    authorisation; computational complexity; safety-critical software; access control; availability policy; computational complexity; safety properties; separation of duty policies; Access control; Availability; Computer networks; Computer security; Educational institutions; Information security; Information technology; National security; Permission; Safety; Access Control; availability; safety; separation-of-duty;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networks Security Wireless Communications and Trusted Computing (NSWCTC), 2010 Second International Conference on
  • Conference_Location
    Wuhan, Hubei
  • Print_ISBN
    978-0-7695-4011-5
  • Electronic_ISBN
    978-1-4244-6598-9
  • Type

    conf

  • DOI
    10.1109/NSWCTC.2010.73
  • Filename
    5480680