Title: Mutually exclusive permissions in RBAC

Authors: Muhammad Asif Habib; Qaisar Abbas

Addresses: FIM, Johannes Kepler University, Altenbergerstraße 69, A-4040 Linz, Austria; Department of CS, National Textile University, Sheikhupura Road, Faisalabad (37610), Pakistan. ' Department of CS, National Textile University, Sheikhupura Road, Faisalabad (37610), Pakistan

Abstract: Role-based access control (RBAC) always provides tight security of information and ease of management to security policy. There are certain constraints which make the information security tight. Separation of duty (SOD) in terms of mutual exclusion and role inheritance (RI) are some of those constraints which provide security of information and make the management of security policy easier. On one side after implementing separation of duty, we may able to get tight security but on the other side it can create complexity for the security administrator and the end users who use the system. Implementing mutual exclusion on the basis of roles reduces the authority of the RBAC user for which the user is authorised. In this paper, we describe the complexities and complications which can be faced after implementing separation of duty in terms of mutually exclusive roles (MER). We also describe the problems which can be faced if either the role inheritance is not implemented or implemented in an incomplete manner. We also propose a model to counter the problems.

Keywords: dynamic separation of duty; DSOD; mutually exclusive roles; MERs; conflict of interest; role inheritance; role-based access control; RBAC; mutually exclusive permissions; MEPs; information security.

DOI: 10.1504/IJITST.2012.047962

International Journal of Internet Technology and Secured Transactions, 2012 Vol.4 No.2/3, pp.207 - 220

Available online: 16 Jul 2012

Full-text access for editors Access for subscribers Purchase this article Comment on this article