智能与分布计算实验室

Dynamic Enforcement of Separation-of-Duty Policies

出版社:
  • 会议名称:The 2009 International Conference on Multimedia Information NEtworking and Security (MINES 2009)
  • 举办地点:Wuhan,China
  • 举办日期:November 18-20,2009
  • 页数:394-397
摘要内容:

Separation-of-duty (SoD) policy is widely considered to be a fundamental security principle for prevention of fraud and errors in computer security. A static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In this paper, we study the problem of dynamic enforcement of SSoD policies in access control systems. We formally define the notion of an SSoD policy, and introduce the problem of dynamic safety checking problem (DSCP) which asks whether an access control state satisfies a given SSoD policy, and show that it is intractable (NP-complete) for directly enforcing SSoD policies in access control. Furthermore, we design and evaluate an improvement algorithm for solving DSCP.

关键词:
  • dynamic enforcement; access control;computational complexity