Separation of Duties (SoD) aims at preventing fraud and errors by distributing tasks and associated authorizations among multiple users. Li and Wang [2008] proposed an algebra (SoDA) for specifying SoD requirements, which is both expressive in the requirements it formalizes and abstract in that it is not bound to a workflow model. In this article, we bridge the gap between the specification of SoD constraints modeled in SoDA and their enforcement in a dynamic, service-oriented enterprise environment. We proceed by generalizing SoDA's semantics to traces, modeling workflow executions that satisfy the respective SoDA terms. We then refine the set of traces induced by a SoDA term to also account for a workflow's control-flow and role-based authorizations. Our formalization, which is based on the process algebra CSP, supports the enforcement of SoD on general workflows and handles changing role assignments during workflow execution, addressing a well-known source of fraud. The resulting CSP model serves as blueprint for a distributed and loosely coupled architecture where SoD enforcement is provisioned as a service. This concept, which we call SoD as a Service, facilitates a separation of concerns between business experts and security professionals. As a result, integration and configuration efforts are minimized and enterprises can quickly adapt to organizational, regulatory, and technological changes. We describe an implementation of SoD as a Service, which combines commercial components such as a workflow engine with newly developed components such as an SoD enforcement monitor. To evaluate our design decisions and to demonstrate the feasibility of our approach, we present a case study of a drug dispensation workflow deployed in a hospital.
Read full abstract