Title: Mutually exclusive permissions in RBAC
Authors: Muhammad Asif Habib; Qaisar Abbas
Addresses: FIM, Johannes Kepler University, Altenbergerstraße 69, A-4040 Linz, Austria; Department of CS, National Textile University, Sheikhupura Road, Faisalabad (37610), Pakistan. ' Department of CS, National Textile University, Sheikhupura Road, Faisalabad (37610), Pakistan
Abstract: Role-based access control (RBAC) always provides tight security of information and ease of management to security policy. There are certain constraints which make the information security tight. Separation of duty (SOD) in terms of mutual exclusion and role inheritance (RI) are some of those constraints which provide security of information and make the management of security policy easier. On one side after implementing separation of duty, we may able to get tight security but on the other side it can create complexity for the security administrator and the end users who use the system. Implementing mutual exclusion on the basis of roles reduces the authority of the RBAC user for which the user is authorised. In this paper, we describe the complexities and complications which can be faced after implementing separation of duty in terms of mutually exclusive roles (MER). We also describe the problems which can be faced if either the role inheritance is not implemented or implemented in an incomplete manner. We also propose a model to counter the problems.
Keywords: dynamic separation of duty; DSOD; mutually exclusive roles; MERs; conflict of interest; role inheritance; role-based access control; RBAC; mutually exclusive permissions; MEPs; information security.
DOI: 10.1504/IJITST.2012.047962
International Journal of Internet Technology and Secured Transactions, 2012 Vol.4 No.2/3, pp.207 - 220
Received: 29 Sep 2011
Accepted: 16 Mar 2012
Published online: 09 Aug 2014 *