3rd International ICST Symposium on Information Assurance and Security

Research Article

Separation of Duty in Role-Based Access Control Model through Fuzzy Relations

  • @INPROCEEDINGS{10.1109/IAS.2007.68,
        author={Hassan Takabi and Morteza  Amini and  Rasool  Jalili},
        title={Separation of Duty in Role-Based Access Control Model through Fuzzy Relations},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Access control  Computer errors  Computer networks  Computer security  Fuzzy control  Fuzzy set theory  Information security  NIST  Permission},
        doi={10.1109/IAS.2007.68}
    }
    
  • Hassan Takabi
    Morteza Amini
    Rasool Jalili
    Year: 2007
    Separation of Duty in Role-Based Access Control Model through Fuzzy Relations
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.68
Hassan Takabi1,*, Morteza Amini1,*, Rasool Jalili1,*
  • 1: Network Security Center Computer Engineering Department Sharif University of Technology Tehran, Iran
*Contact email: takabi@ce.sharif.edu, m_amini@ce.sharif.edu, jalili@sharif.edu

Abstract

As a security principle, separation of duty (SoD) is widely considered in computer security. In the role-based access control(RBAC) model, separation of duty constraints enforce conflict of interest policies. There are two main types of separation of duty policies in RBAC, Static SoD (SSoD) and Dynamic SoD (DSoD). In RBAC, Statically Mutually Exclusive Role (SMER) constraints are used to enforce Static Separation of Duty policies. Dynamic Separation of duty policies, like SSoD policies, are intended to limit the permissions that are available to a user. However, DSoD policies differ from SSoD policies by the context in which these limitations are imposed. A DSoD policy limits the availability of the permissions over a users permission space by placing constraints on the roles that can be activated within or across a users sessions. Like SMER, in RBAC Dynamically Mutually Exclusive Role (DMER) constraints are used to enforce DSoD policies. We investigated using of a fuzzy approach to address the issue in order to provide a more practical solution. In this paper, we propose a model to express the separation of duty policies in RBAC using the fuzzy set theory. The concept of trustworthiness, which is fuzzy in nature, is used to express this model. In comparison with non-fuzzy methods, our method is more pragmatic and more consistent with the real world. The expressiveness of our method is higher than the non- fuzzy ones. We show expression of some constraints in our method which cannot be expressed by non-fuzzy methods. Applicability of the method is shown through an example of the real world.