Entry Li:2007:MER from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Li:2007:MER,
  author =       "Ninghui Li and Mahesh V. Tripunitara and Ziad Bizri",
  title =        "On mutually exclusive roles and separation-of-duty",
  journal =      j-TISSEC,
  volume =       "10",
  number =       "2",
  pages =        "5:1--5:??",
  month =        may,
  year =         "2007",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1237500.1237501",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Thu Jun 12 17:52:05 MDT 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Separation-of-duty (SoD) is widely considered to be a
                 fundamental principle in computer security. A static
                 SoD (SSoD) policy states that in order to have all
                 permissions necessary to complete a sensitive task, the
                 cooperation of at least a certain number of users is
                 required. Role-based access control (RBAC) is today's
                 dominant access-control model. It is widely believed
                 that one of RBAC's main strengths is that it enables
                 the use of constraints to support policies, such as
                 separation-of-duty. In the literature on RBAC,
                 statically mutually exclusive roles (SMER) constraints
                 are used to enforce SSoD policies. In this paper, we
                 formulate and study fundamental computational problems
                 related to the use of SMER constraints to enforce SSoD
                 policies. We show that directly enforcing SSoD policies
                 is intractable (coNP-complete), while checking whether
                 an RBAC state satisfies a set of SMER constraints is
                 efficient; however, verifying whether a given set of
                 SMER constraints enforces an SSoD policy is also
                 intractable (coNP-complete). We discuss the
                 implications of these results. We show also how to
                 generate SMER constraints that are as accurate as
                 possible for enforcing an SSoD policy.",
  acknowledgement = ack-nhfb,
  articleno =    "5",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "computational complexity; constraints; role-based
                 access control; separation-of-duty; verification",
}

Related entries

access-control, 9(4)421, 10(1)2, 10(1)3, 10(2)7, 10(4)2, 10(4)4, 14(1)2, 14(1)9, 15(4)15, 15(4)18, 16(4)17
accurate, 11(4)23, 13(3)27, 13(4)38, 16(1)2, 18(3)11
all, 1(1)93, 2(2)159, 2(3)332, 2(4)416, 10(1)4, 10(4)2, 10(4)4, 11(2)1, 11(2)3, 11(2)4, 11(2)5, 11(2)6, 11(3)13, 11(4)18, 11(4)20, 11(4)22, 12(2)10, 12(3)18, 13(1)10, 13(3)25, 13(3)28, 13(4)38, 13(4)41, 14(1)6, 14(1)14, 14(3)27, 15(1)4, 15(2)9, 15(3)14, 15(4)16, 15(4)17, 16(1)4, 17(1)2, 17(3)9, 17(3)11, 18(1)2, 18(2)5
based, Role-, 3(4)207, 4(1)37, 4(3)191, 12(1)1, 13(3)24
based, role-, 2(1)3, 2(1)34, 2(1)65, 2(1)105, 2(2)177, 4(3)224, 5(4)492, 6(2)201, 6(3)404, 9(4)391, 10(2)7, 10(4)2, 12(3)15, 13(3)24, 13(3)27, 13(3)28, 15(3)13, 15(4)15
believed, 16(2)7
certain, 11(2)1, 11(4)22, 12(1)1, 12(1)6, 12(2)8, 12(4)20, 13(3)26, 13(4)40, 15(2)9, 17(1)2, 17(3)10, 18(2)7
checking, 1(1)3, 10(2)7, 10(4)5, 12(4)20, 14(1)12, 15(4)18, 18(2)6
complete, 10(1)4, 10(4)2, 11(2)5, 12(1)1, 12(3)17, 13(3)20, 13(3)27, 13(4)40, 14(4)31, 15(4)18
complexity, 2(1)65, 9(4)391, 9(4)421, 10(4)5, 11(2)6, 12(3)16, 12(3)18, 12(4)20, 13(4)36, 13(4)40, 14(1)3, 14(1)14, 15(4)16, 16(1)3, 16(1)4, 16(3)10, 17(4)16, 18(2)6, 18(3)10, 18(4)13
computational, 11(2)6, 12(1)3, 12(4)21, 13(3)28, 13(4)40, 15(1)3, 15(2)9, 16(3)12, 16(4)17, 17(3)10, 17(3)12, 17(4)15, 18(2)7, 18(4)12
computer, 1(1)66, 2(1)34, 2(1)105, 2(2)159, 2(3)230, 2(3)269, 2(3)332, 2(4)354, 2(4)416, 11(4)20, 12(2)7, 13(2)11, 15(1)1, 15(2)9, 16(2)5, 17(2)6
considered, 1(1)26, 14(1)14, 15(1)5, 15(4)16
constraint, 2(1)65, 3(4)207, 6(4)501, 7(3)392, 9(2)162, 10(1)2, 10(2)7, 10(4)2, 11(1)3, 11(2)6, 11(3)14, 11(4)20, 12(2)8, 12(2)10, 12(3)19, 13(1)5, 13(3)22, 13(3)25, 13(4)40, 14(4)32, 15(2)10, 15(3)13, 15(4)15, 16(1)3, 16(1)4, 16(4)17, 17(1)3, 17(2)8, 18(2)6
control, access-, 9(4)421, 10(1)2, 10(1)3, 10(2)7, 10(4)2, 10(4)4, 14(1)2, 14(1)9, 15(4)15, 15(4)18, 16(4)17
cooperation, 3(1)1, 17(2)5
directly, 1(1)26, 11(1)2, 12(2)12, 13(3)27
discuss, 2(1)105, 10(2)8, 11(1)2, 11(2)1, 12(4)20, 12(4)22, 13(3)22, 13(3)25, 13(4)35, 14(3)24, 17(1)3, 18(2)7
efficient, 1(1)26, 3(2)63, 6(2)258, 6(3)365, 7(1)21, 9(4)391, 9(4)461, 10(1)3, 10(2)6, 10(4)2, 11(1)3, 11(2)4, 11(2)6, 11(3)15, 11(4)19, 12(1)1, 12(3)15, 12(3)18, 12(4)21, 13(1)9, 13(1)10, 13(3)24, 13(3)27, 13(4)31, 13(4)32, 13(4)34, 13(4)38, 14(1)5, 14(1)14, 15(1)4, 15(2)6, 15(2)9, 15(4)16, 16(1)2, 16(1)4, 17(3)10, 17(4)15, 18(3)11
enable, 2(2)177, 2(3)230, 2(4)354, 9(4)461, 11(1)3, 11(4)17, 11(4)23, 12(1)1, 12(1)6, 12(3)14, 13(3)25, 13(4)31, 14(1)3, 14(1)8, 14(4)32, 15(2)7, 16(1)2, 16(2)7, 17(2)5, 17(2)8, 17(3)10, 17(4)16, 18(1)2
enforce, 1(1)26, 2(2)177, 3(2)85, 7(3)392, 12(2)8, 12(3)19, 13(3)22, 13(3)24, 13(3)28, 14(1)6, 15(2)6, 15(2)10
enforcing, 1(1)26, 2(1)34, 12(2)8, 13(1)6, 13(3)21, 14(3)25, 14(4)31, 16(1)1, 17(1)3
formulate, 9(2)162
fundamental, 11(4)18, 14(1)4, 14(4)31, 18(2)5
generate, 2(4)390, 10(4)2, 11(4)18, 12(2)10, 12(2)11, 13(3)24, 14(1)6, 14(1)12, 16(2)7, 16(2)8, 18(3)9
given, 1(1)3, 1(1)93, 2(1)3, 2(1)105, 10(1)2, 10(4)1, 11(2)3, 11(4)19, 11(4)20, 12(1)2, 12(1)5, 12(1)6, 12(3)14, 12(4)20, 13(1)10, 13(3)26, 14(3)26, 15(2)10, 15(3)12, 15(4)15, 16(1)3, 16(1)4, 17(3)12
have, 1(1)66, 1(1)93, 2(1)65, 2(2)138, 2(3)230, 2(3)269, 10(1)2, 10(1)4, 10(3)10, 10(3)12, 10(4)4, 10(4)5, 10(4)6, 11(1)2, 11(2)1, 11(2)5, 11(3)15, 11(3)16, 11(4)17, 11(4)18, 11(4)21, 12(1)1, 12(1)2, 12(2)10, 12(2)13, 12(3)15, 12(3)16, 12(3)17, 12(4)20, 13(3)20, 13(3)26, 13(3)27, 13(3)28, 13(4)32, 13(4)36, 13(4)39, 13(4)40, 14(1)6, 14(1)7, 14(1)10, 14(1)13, 14(1)14, 14(3)27, 14(4)28, 14(4)29, 15(2)7, 15(2)9, 15(2)10, 15(3)12, 15(4)18, 16(2)7, 16(2)8, 16(3)10, 16(4)15, 16(4)16, 17(1)3, 17(3)11, 17(3)12, 17(4)13, 17(4)15, 18(1)1, 18(1)3, 18(2)5, 18(2)7, 18(4)13
how, 2(1)3, 2(2)138, 2(3)269, 7(2)319, 10(2)8, 10(4)1, 10(4)2, 10(4)5, 11(3)13, 11(4)18, 12(1)2, 12(2)9, 12(2)12, 12(3)18, 12(3)19, 13(1)10, 13(2)13, 13(3)25, 13(4)31, 13(4)36, 14(1)2, 14(3)26, 15(1)5, 15(3)14, 15(4)15, 16(1)3, 16(2)5, 16(2)8, 17(1)1, 17(1)2, 17(1)3, 17(4)15, 18(1)1, 18(1)3, 18(2)6, 18(3)9, 18(4)14
however, 2(3)269, 10(2)8, 11(2)6, 11(3)15, 11(4)18, 11(4)20, 11(4)22, 13(3)20, 13(3)22, 13(4)35, 13(4)38, 13(4)39, 14(1)14, 14(3)24, 14(4)28, 14(4)29, 15(2)10, 16(2)7, 16(3)11, 17(1)2, 17(1)4, 17(3)12, 17(4)15, 18(1)1, 18(2)7, 18(4)13
implication, 13(1)10, 13(3)27, 13(4)35, 15(2)7
intractable, 9(4)391, 12(4)20, 14(3)25
least, 11(3)13, 11(4)19, 14(4)28, 15(3)14, 18(1)1, 18(4)13
Li, Ninghui, 6(1)128, 9(3)352, 9(4)391, 12(4)20, 13(1)2, 13(4)36, 13(4)40, 14(1)1, 14(3)24
literature, 2(3)269, 9(4)391, 13(3)27, 14(1)14, 14(4)30, 15(2)7, 17(2)7, 17(3)9
main, 10(2)8, 11(3)13, 11(4)20, 13(3)27, 13(4)41
mutually, 16(2)5, 17(2)6, 18(2)5
necessary, 2(2)177, 2(4)416, 11(3)16, 12(2)11, 12(3)16, 12(4)20, 14(1)13, 16(1)3
number, 7(2)319, 9(2)181, 10(1)4, 10(3)11, 10(3)12, 10(4)5, 11(1)2, 11(2)5, 11(3)12, 11(3)14, 11(3)15, 12(1)1, 12(1)2, 12(1)5, 12(1)6, 12(2)8, 12(2)9, 12(2)13, 12(3)16, 12(3)18, 12(4)21, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(4)32, 13(4)34, 14(1)11, 14(3)26, 14(4)31, 15(1)4, 15(2)7, 15(2)8, 15(4)15, 16(1)4, 16(2)7, 16(4)14, 16(4)16, 17(3)10, 17(4)16, 18(2)8
one, 1(1)26, 1(1)93, 2(1)3, 2(1)65, 2(3)295, 9(4)461, 10(1)2, 10(2)8, 10(3)12, 10(4)3, 11(2)6, 11(3)14, 12(1)1, 12(1)5, 12(2)13, 12(3)14, 13(3)21, 13(3)25, 13(3)26, 13(3)27, 13(4)41, 14(1)3, 14(1)5, 14(4)30, 14(4)32, 15(2)10, 15(3)11, 15(4)16, 15(4)18, 16(1)3, 16(1)4, 16(3)9, 16(4)14, 17(2)8, 17(4)13, 18(1)1, 18(3)11, 18(4)13
order, 1(1)3, 9(2)181, 9(4)391, 9(4)461, 10(1)4, 10(3)12, 11(2)6, 12(1)1, 12(1)3, 12(3)18, 13(3)24, 15(4)17, 16(1)4, 17(2)6, 17(3)11, 18(1)2
paper, 1(1)66, 1(1)93, 2(1)34, 2(1)105, 2(2)138, 2(2)177, 2(3)269, 2(4)390, 7(2)319, 9(2)162, 9(2)181, 9(4)421, 10(1)2, 10(1)4, 10(2)7, 10(3)9, 10(3)10, 10(3)11, 10(3)12, 10(4)2, 10(4)4, 11(1)2, 11(2)1, 11(2)6, 12(2)12, 14(4)28, 14(4)32
permission, 1(1)26, 2(1)105, 10(1)2, 10(4)2, 12(4)20, 13(3)24, 13(3)27, 15(4)15, 17(1)2
possible, 2(1)105, 10(4)2, 10(4)4, 11(2)6, 11(3)16, 11(4)22, 12(1)6, 12(2)10, 13(3)28, 13(4)33, 13(4)35, 13(4)39, 14(1)3, 14(1)14, 14(3)25, 14(4)32, 15(2)10, 17(1)2, 17(3)9, 18(1)4, 18(3)9
principle, 2(2)138, 10(4)1, 11(4)18, 13(1)4, 14(1)7
problem, 1(1)3, 2(3)269, 2(3)295, 5(3)238, 9(2)162, 9(4)391, 10(2)8, 10(3)9, 10(3)10, 10(3)12, 10(4)1, 10(4)3, 11(2)2, 11(3)12, 11(3)15, 11(4)19, 12(1)2, 12(1)6, 12(2)9, 12(3)18, 12(4)20, 13(3)22, 13(3)26, 13(3)27, 13(4)33, 13(4)36, 13(4)40, 14(3)25, 14(4)31, 15(4)15, 15(4)18, 16(1)3, 16(1)4, 16(3)11, 16(4)15, 17(2)8, 17(3)11, 17(4)15, 18(1)3
RBAC, 2(1)34, 2(1)105, 5(3)332, 7(3)392, 9(4)391, 10(1)2, 12(1)1, 13(3)24, 13(3)27, 13(4)36, 14(1)3, 15(4)15, 15(4)18, 16(2)5
related, 9(4)421, 10(4)2, 13(3)27, 15(2)7, 15(3)11, 16(2)7
required, 7(2)319, 11(2)3, 11(3)15, 11(3)16, 12(1)6, 12(2)8, 12(3)16, 13(3)22, 13(4)29, 14(4)29, 16(4)15, 17(3)10, 17(4)16, 18(3)11
result, 1(1)3, 1(1)26, 2(3)230, 2(4)390, 9(2)162, 10(1)3, 10(1)4, 10(2)6, 10(3)9, 10(3)11, 10(4)2, 10(4)5, 11(2)3, 11(2)5, 11(3)13, 11(3)15, 11(4)18, 11(4)20, 11(4)21, 11(4)22, 12(1)4, 12(2)9, 12(3)14, 12(3)17, 13(1)10, 13(3)22, 13(3)24, 13(3)25, 13(4)33, 13(4)35, 14(1)2, 14(1)14, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(3)13, 15(3)14, 15(4)15, 16(1)2, 16(1)3, 16(2)5, 16(2)6, 16(2)7, 16(3)10, 16(3)11, 16(4)14, 16(4)17, 17(2)7, 17(3)9, 17(3)10, 17(3)12, 17(4)14, 18(1)4, 18(2)5, 18(2)6, 18(3)9, 18(3)11, 18(4)12, 18(4)13
role, 2(1)3, 2(1)65, 2(1)105, 2(2)177, 9(2)113, 10(1)2, 10(4)2, 11(1)3, 11(4)20, 12(1)1, 12(3)15, 13(3)20, 13(3)27, 13(4)36, 13(4)40, 15(3)13, 15(4)15, 15(4)18
role-based, 2(1)3, 2(1)34, 2(1)65, 2(1)105, 2(2)177, 3(4)207, 4(1)37, 4(3)191, 4(3)224, 5(4)492, 6(2)201, 6(3)404, 9(4)391, 10(2)7, 10(4)2, 12(1)1, 12(3)15, 13(3)24, 13(3)27, 13(3)28, 15(3)13, 15(4)15
satisfy, 1(1)93, 11(1)2, 12(3)18, 12(4)20, 13(3)26, 15(3)13, 16(1)4, 18(2)6
sensitive, 1(1)26, 2(2)159, 2(3)332, 6(1)1, 10(2)7, 10(3)12, 12(2)9, 12(3)15, 13(3)21, 13(3)22, 13(3)24
set, 2(1)34, 2(2)138, 2(4)390, 8(1)3, 9(4)421, 10(3)12, 10(4)2, 10(4)3, 10(4)5, 11(2)1, 11(2)3, 11(3)13, 11(4)18, 11(4)21, 12(2)11, 12(3)18, 12(3)19, 12(4)20, 12(4)21, 13(1)9, 13(1)10, 13(3)27, 13(4)40, 14(1)12, 14(3)25, 14(4)31, 15(1)2, 15(2)7, 15(2)10, 15(3)13, 15(4)15, 16(1)4, 17(1)2, 17(2)8, 17(3)11, 17(4)13, 17(4)14, 18(1)4, 18(3)10, 18(3)11
SoD, 15(3)13
state, 1(1)93, 2(2)177, 12(1)4, 12(1)5, 12(2)8, 12(4)20, 13(1)10, 13(3)20, 14(1)6, 14(1)10, 14(1)13, 14(4)32, 16(1)3, 17(2)7, 18(1)3, 18(1)4
static, 2(1)65, 9(3)292, 10(4)4, 11(2)3, 11(3)15, 12(1)1, 12(4)20, 13(4)32, 14(1)6, 16(1)4, 17(4)15, 18(1)4, 18(2)8
strength, 2(3)269, 2(4)416, 10(4)6, 11(1)2, 11(4)22, 17(2)7, 18(1)1, 18(4)13
study, 2(3)230, 2(4)416, 7(2)206, 10(4)5, 11(1)3, 11(2)3, 11(4)23, 12(1)6, 12(3)14, 12(4)20, 13(4)40, 14(1)7, 14(2)18, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(2)10, 15(3)13, 17(1)1, 17(2)7, 17(3)12, 17(4)14, 18(1)1, 18(1)2, 18(1)4, 18(2)5, 18(2)7, 18(3)9, 18(4)13
support, 2(2)159, 5(4)492, 6(4)443, 6(4)547, 10(1)2, 10(1)4, 10(2)7, 10(3)12, 10(4)5, 11(1)3, 11(2)5, 12(1)3, 12(3)14, 12(3)15, 12(4)21, 13(3)24, 13(4)31, 14(1)3, 14(1)11, 14(1)12, 14(4)29, 15(2)9, 15(3)13, 17(2)5, 17(2)7, 17(4)15, 18(2)8, 18(3)11
task, 2(1)65, 2(3)295, 9(4)391, 11(4)23, 12(3)14, 12(4)20, 13(3)20, 13(3)27, 15(2)9, 15(3)13, 16(3)11, 17(1)4
today, 10(3)12, 14(3)24, 14(4)31, 16(2)8, 16(3)11, 17(3)11
Tripunitara, Mahesh V., 9(4)391
use, 2(1)3, 2(1)105, 2(2)138, 2(2)177, 2(3)230, 2(3)269, 2(3)332, 2(4)354, 2(4)390, 4(2)103, 7(1)21, 9(4)391, 9(4)421, 9(4)461, 10(1)4, 10(3)11, 10(4)1, 10(4)3, 10(4)5, 10(4)6, 11(1)2, 11(1)3, 11(1)4, 11(2)1, 11(2)4, 11(3)13, 11(3)14, 11(4)18, 11(4)19, 11(4)21, 11(4)22, 12(2)10, 12(3)16, 12(3)18, 13(3)22, 13(3)24, 13(3)25, 13(4)29, 13(4)31, 13(4)36, 14(1)6, 14(1)8, 14(1)10, 14(1)11, 14(4)31, 14(4)32, 15(1)3, 15(1)4, 15(1)5, 15(2)7, 15(3)12, 15(4)15, 15(4)16, 15(4)17, 16(2)8, 16(4)15, 16(4)17, 17(2)5, 17(2)6, 17(2)7, 17(2)8, 17(4)15, 17(4)16, 18(1)1, 18(2)6, 18(3)9, 18(4)14
used, 1(1)3, 2(1)65, 2(4)416, 7(2)319, 9(2)181, 10(1)2, 10(2)7, 10(2)8, 10(4)2, 11(1)2, 11(1)3, 11(2)3, 11(3)14, 11(3)15, 11(3)16, 11(4)21, 11(4)22, 12(2)8, 12(3)15, 13(1)10, 13(3)22, 13(3)25, 13(4)29, 13(4)34, 14(1)3, 14(1)12, 14(1)13, 14(3)27, 15(1)3, 15(1)5, 15(3)12, 15(4)17, 15(4)18, 16(2)7, 16(2)8, 16(3)10, 17(1)1, 17(2)7, 17(3)9, 17(4)13, 18(1)3, 18(2)5, 18(2)6, 18(3)9, 18(4)13, 18(4)14
verification, 2(3)332, 3(1)51, 8(3)287, 10(2)6, 10(2)7, 10(3)9, 10(3)11, 11(2)5, 11(3)14, 12(1)3, 12(1)6, 14(1)5, 14(3)25, 14(4)32, 15(1)3, 15(2)9, 15(4)18, 16(2)8, 17(2)6, 18(2)6, 18(2)8, 18(3)11, 18(4)14
verifying, 2(3)332, 10(2)7, 10(3)11, 11(2)5, 14(3)25, 15(4)18
whether, 1(1)3, 1(1)26, 10(4)2, 10(4)5, 11(2)3, 11(2)6, 11(3)16, 12(1)1, 12(4)20, 13(3)26, 13(4)40, 14(3)25, 14(4)32, 16(1)3, 16(1)4, 17(1)1, 17(1)2
while, 2(3)230, 2(4)354, 9(4)391, 9(4)421, 9(4)461, 10(4)2, 11(1)4, 11(2)2, 11(2)6, 11(4)18, 11(4)19, 11(4)22, 12(2)9, 12(3)16, 13(1)5, 13(3)22, 13(3)25, 13(4)39, 13(4)41, 14(3)25, 14(3)26, 14(4)31, 15(3)12, 15(4)15, 15(4)17, 16(3)9, 16(3)12, 16(4)16, 17(1)4, 17(3)9, 17(4)15, 18(1)1, 18(2)7
widely, 10(2)6, 10(3)12, 16(1)4