Abstract
Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control ABAC can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty SoD is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it. Experiments on a wide range of data sets show encouraging results.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
