Abstract

The principle of separation of duty is widely studied in the literature. Techniques for enforcing separation of duty (SD) policies fall into three categories: static, dynamic and history-based separation of duty. Static SD is very limited in its applicability and in the use cases it supports. In contrast, models that enforce SD dynamically have richer semantics and therefore support a wider range of SD policies. However, the use cases they support may exceed what typical systems require, and the generality of these approaches makes them more costly and complicated to implement. This paper proposes a formal model of separation of duty that captures a particular class of separation of duty policies. The model is accessible in the sense that it can easily be incorporated into existing access control models that do not yet have interfaces for creating and enforcing separation of duty policies. More concretely, we describe how our model was incorporated into the Role-based Access Control (RBAC) model to extend its separation of duty capabilities. We show that this process was straightforward and that the changes we made to the RBAC specification were controlled and mostly additive. Moreover, we also show that under our model one can reduce the number of permissions that have to be managed in an access control system.
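The three enforcement categories named in the abstract are easiest to tell apart by where the check happens: at role assignment (static), at role activation within a session (dynamic), or against the record of who has already acted on an object (history-based). The following is an added teaching example that sketches all three against a minimal RBAC state; it is not the paper's formal model, and the role names (`purchaser`, `approver`, `auditor`, `operator`), the exclusive-role pairs and the sample purchase-order workflow are constructed here for illustration.

```python
"""
Illustration of static, dynamic and history-based separation of duty (SD)
over a minimal RBAC state. Added example; not the paper's model. Role names,
policy pairs and the sample workflow are constructed for this illustration.
"""
from dataclasses import dataclass, field


@dataclass
class RbacState:
    # User-assignment relation: user -> roles assigned to that user.
    user_roles: dict[str, set[str]] = field(default_factory=dict)
    # Sessions: session id -> (owning user, roles currently activated).
    sessions: dict[str, tuple[str, set[str]]] = field(default_factory=dict)
    # History: object id -> users who have already acted on that object.
    history: dict[str, set[str]] = field(default_factory=dict)


# Static SD: no user may ever be *assigned* both roles of an exclusive pair.
STATIC_EXCLUSIVE = {frozenset({"purchaser", "approver"})}   # constructed policy

# Dynamic SD: both roles may be assigned, but not *activated* in one session.
DYNAMIC_EXCLUSIVE = {frozenset({"auditor", "operator"})}    # constructed policy


def _conflicts(role: str, held: set[str], policy: set[frozenset]) -> bool:
    """True if adding `role` to `held` would complete an exclusive pair."""
    return any(role in pair and (pair - {role}) <= held for pair in policy)


def assign_role(state: RbacState, user: str, role: str) -> bool:
    """Static SD check, enforced at assignment time (the UA relation)."""
    current = state.user_roles.setdefault(user, set())
    if _conflicts(role, current, STATIC_EXCLUSIVE):
        return False
    current.add(role)
    return True


def activate_role(state: RbacState, session: str, user: str, role: str) -> bool:
    """Dynamic SD check, enforced when a role is activated in a session."""
    if role not in state.user_roles.get(user, set()):
        return False                     # cannot activate an unassigned role
    _, active = state.sessions.setdefault(session, (user, set()))
    if _conflicts(role, active, DYNAMIC_EXCLUSIVE):
        return False
    active.add(role)
    return True


def perform_step(state: RbacState, obj: str, user: str, step: str) -> bool:
    """History-based (object-based) SD: a user who has already acted on `obj`
    may not perform a further step on the same object, whatever roles they hold."""
    actors = state.history.setdefault(obj, set())
    if user in actors:
        return False
    actors.add(user)
    return True


def demo() -> dict[str, bool]:
    """Run a constructed scenario and return each decision by name."""
    s = RbacState()
    r = {}
    # Static: alice can be a purchaser, but then never an approver; bob can approve.
    r["static_first"] = assign_role(s, "alice", "purchaser")
    r["static_conflict"] = assign_role(s, "alice", "approver")
    r["static_other_user"] = assign_role(s, "bob", "approver")
    # Dynamic: bob may hold auditor and operator, but not activate both at once.
    assign_role(s, "bob", "auditor")
    assign_role(s, "bob", "operator")
    r["dyn_first"] = activate_role(s, "sess1", "bob", "auditor")
    r["dyn_conflict"] = activate_role(s, "sess1", "bob", "operator")
    r["dyn_other_session"] = activate_role(s, "sess2", "bob", "operator")
    # History: whoever submits purchase order PO-1 may not also approve it.
    r["hist_first"] = perform_step(s, "PO-1", "alice", "submit")
    r["hist_conflict"] = perform_step(s, "PO-1", "alice", "approve")
    r["hist_other_user"] = perform_step(s, "PO-1", "bob", "approve")
    return r


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} {'allowed' if allowed else 'denied'}")
```

The scenario makes the abstract's trade-off concrete: the static rule is simplest to administer but forces a choice at assignment time, the dynamic rule lets a user hold both roles and only constrains what is active together, and the history-based rule needs per-object state that must be stored and consulted on every operation.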
