Abstract

Separation of Duty (SoD) is a widely used security principle that helps prevent fraud in a business process. The recently presented usage control (UCON) model has been considered the next-generation access control model. However, SoD policy in UCON, a related and fundamental problem, has not been explored. In this paper, we give a formal definition of dynamic SoD (DSoD) policies and show that checking whether a UCON_A state satisfies a given DSoD policy is a coNP-complete problem; only two special cases can be checked in polynomial time. We propose history-based constraints for enforcing DSoD policies in usage control. The key idea is to record each permission access request and to use these histories to make the decision when a new permission request is generated. This approach poses and answers fundamental questions related to enabling the use of constraints to support SoD policies in UCON.
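
A minimal sketch of the history-based idea described in the abstract, added here as an illustration and not the paper's own construction. It assumes a k-of-n policy form (a permission set must never be fully exercised by fewer than k users combined); the class, method and permission names are hypothetical.

```python
from itertools import combinations


class DSoDMonitor:
    """History-based check for one assumed k-of-n DSoD policy.

    Assumed policy form (not taken from the paper): the permissions in
    `perms` must never all have been exercised by fewer than `k` users.
    """

    def __init__(self, perms, k):
        self.perms = frozenset(perms)
        self.k = k
        self.history = []  # every request is recorded: (user, perm, granted)

    def _used(self, extra=None):
        # Map user -> policy-relevant permissions exercised so far,
        # optionally including the pending request `extra`.
        used = {}
        granted = [(u, p) for u, p, ok in self.history if ok]
        for user, perm in granted + ([extra] if extra else []):
            if perm in self.perms:
                used.setdefault(user, set()).add(perm)
        return used

    def violates(self, used):
        # Brute-force search for a group of fewer than k users whose
        # combined history covers the whole permission set. The number
        # of groups grows combinatorially with users and k.
        for size in range(1, self.k):
            for group in combinations(used, size):
                if set().union(*(used[u] for u in group)) >= self.perms:
                    return True
        return False

    def request(self, user, perm):
        # Decide on the new request from the recorded history, then log it.
        ok = not self.violates(self._used((user, perm)))
        self.history.append((user, perm, ok))
        return ok


def run_sample():
    # Constructed sample: no two users may cover order, approve and pay.
    m = DSoDMonitor({"order", "approve", "pay"}, k=3)
    reqs = [("alice", "order"), ("bob", "approve"), ("alice", "pay"),
            ("carol", "pay"), ("bob", "order"), ("bob", "read")]
    return [m.request(u, p) for u, p in reqs]
```

Denied requests stay in the history but do not count toward coverage, so a refused attempt does not block a different user from exercising the same permission later.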
