Abstract

As a security principle, separation of duty (SoD) is widely considered in computer security. In the role-based access control(RBAC) model, separation of duty constraints enforce conflict of interest policies. There are two main types of separation of duty policies in RBAC, Static SoD (SSoD) and Dynamic SoD (DSoD). In RBAC, Statically Mutually Exclusive Role (SMER) constraints are used to enforce Static Separation of Duty policies. Dynamic Separation of duty policies, like SSoD policies, are intended to limit the permissions that are available to a user. However, DSoD policies differ from SSoD policies by the context in which these limitations are imposed. A DSoD policy limits the availability of the permissions over a users permission space by placing constraints on the roles that can be activated within or across a users sessions. Like SMER, in RBAC Dynamically Mutually Exclusive Role (DMER) constraints are used to enforce DSoD policies. We investigated using of a fuzzy approach to address the issue in order to provide a more practical solution. In this paper, we propose a model to express the separation of duty policies in RBAC using the fuzzy set theory. The concept of trustworthiness, which is fuzzy in nature, is used to express this model. In comparison with non-fuzzy methods, our method is more pragmatic and more consistent with the real world. The expressiveness of our method is higher than the non- fuzzy ones. We show expression of some constraints in our method which cannot be expressed by non-fuzzy methods. Applicability of the method is shown through an example of the real world.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.