Dynamic Enforcement of Abstract Separation of Duty Constraints

  • David Basin
  • Samuel J. Burri
  • Günter Karjoth
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


Separation of Duties (SoD) aims to prevent fraud and errors by distributing tasks and associated privileges among multiple users. Li and Wang proposed an algebra (SoDA) for specifying SoD requirements, which is both expressive in the requirements it formalizes and abstract in that it is not bound to any specific workflow model. In this paper, we both generalize SoDA and map it to enforcement mechanisms. First, we increase SoDA’s expressiveness by extending its semantics to multisets. This better suits policy enforcement over workflows, where users may execute multiple tasks. Second, we further generalize SoDA to allow for changing role assignments. This lifts the strong restriction that authorizations do not change during workflow execution. Finally, we map SoDA terms to CSP processes, taking advantage of CSP’s operational semantics to provide the critical link between abstract specifications of SoD requirements by SoDA terms and runtime-enforcement mechanisms.
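As an added illustration of the abstract's two first points (not code from the paper or its authors), the following Python sketch evaluates SoDA-style terms over a multiset of task executions and uses that evaluation as a simple runtime monitor. The encoding of the four binary operators (⊔ either, ⊓ both, ⊙ disjoint users, ⊗ possibly repeated users) follows Li and Wang's algebra as I understand it, the multiset satisfaction rules and the `max_size` bound are my own assumptions, and the monitor decides admissibility by brute-force enumeration over a small constructed user population rather than by the CSP mapping the paper describes. The payment workflow, the users and the role assignment are constructed sample data.

```python
from collections import Counter
from itertools import combinations, combinations_with_replacement, product

# Term constructors (assumed encoding of SoDA-style terms, not the paper's syntax).
def users(*us):      return ("users", frozenset(us))
def role(r):         return ("role", r)
def either(a, b):    return ("or", a, b)      # t1 ⊔ t2
def both(a, b):      return ("and", a, b)     # t1 ⊓ t2
def disjoint(a, b):  return ("disj", a, b)    # t1 ⊙ t2: two parts with no user in common
def joint(a, b):     return ("join", a, b)    # t1 ⊗ t2: two parts, users may repeat


def satisfies(term, ms, roles):
    """Does multiset ms (Counter: user -> number of executions) satisfy term under roles?
    Assumed multiset semantics: an atomic term is satisfied by exactly one execution."""
    kind = term[0]
    if kind in ("users", "role"):
        if sum(ms.values()) != 1:
            return False
        (u,) = ms.elements()
        return u in term[1] if kind == "users" else term[1] in roles.get(u, set())
    a, b = term[1], term[2]
    if kind == "or":
        return satisfies(a, ms, roles) or satisfies(b, ms, roles)
    if kind == "and":
        return satisfies(a, ms, roles) and satisfies(b, ms, roles)
    support = sorted(u for u in ms if ms[u] > 0)
    if kind == "disj":
        # Split the support: every execution of a user goes to one side, so no user is shared.
        for k in range(len(support) + 1):
            for left in combinations(support, k):
                m1 = Counter({u: ms[u] for u in left})
                if satisfies(a, m1, roles) and satisfies(b, ms - m1, roles):
                    return True
        return False
    if kind == "join":
        # Split the counts: a user's executions may be spread over both sides.
        for counts in product(*(range(ms[u] + 1) for u in support)):
            m1 = Counter({u: c for u, c in zip(support, counts) if c})
            if satisfies(a, m1, roles) and satisfies(b, ms - m1, roles):
                return True
        return False
    raise ValueError(kind)


def max_size(term):
    """Upper bound on the number of executions a satisfying multiset can have (assumption)."""
    kind = term[0]
    if kind in ("users", "role"):
        return 1
    if kind in ("or", "and"):
        return max(max_size(term[1]), max_size(term[2]))
    return max_size(term[1]) + max_size(term[2])


def completable(term, done, roles, population):
    """Can the executions so far be extended by users from population to satisfy term?"""
    room = max_size(term) - sum(done.values())
    for n in range(room + 1):
        for extra in combinations_with_replacement(sorted(population), n):
            if satisfies(term, done + Counter(extra), roles):
                return True
    return False


def admit(term, done, user, roles, population):
    """Monitor decision: user may execute the next task iff the history stays completable."""
    return completable(term, done + Counter([user]), roles, population)


# Constructed workflow: two Clerk executions (possibly the same clerk) and one Manager
# approval, where the approver must differ from whoever executed the Clerk tasks.
PAYMENT = disjoint(joint(role("Clerk"), role("Clerk")), role("Manager"))
ROLES = {"alice": {"Clerk"}, "bob": {"Clerk", "Manager"}, "carol": {"Manager"}}
POP = set(ROLES)


def demo():
    """Run three requests through the monitor; returns the decisions and the final verdict."""
    done, trace = Counter(), []
    for u in ["alice", "alice", "bob"]:
        ok = admit(PAYMENT, done, u, ROLES, POP)
        trace.append((u, ok))
        if ok:
            done[u] += 1
    return trace, satisfies(PAYMENT, done, ROLES)


def demo_revocation():
    """Role assignment changes mid-workflow: bob loses Manager after the Clerk tasks are done."""
    done = Counter({"alice": 2})
    roles = {u: set(rs) for u, rs in ROLES.items()}
    before = admit(PAYMENT, done, "bob", roles, POP)
    roles["bob"].discard("Manager")
    return before, admit(PAYMENT, done, "bob", roles, POP), admit(PAYMENT, done, "carol", roles, POP)
```

The point of `admit` is the one the abstract makes: enforcement is decided per task execution against the history so far, and because the role assignment is looked up at decision time rather than fixed when the workflow starts, the same request can be admitted before a revocation and refused after it. The enumeration is exponential in the term size and is only meant to make the semantics concrete.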




References

  1. Enron, See you in court. The Economist, November 15 (2001)
  2. Sarbanes-Oxley Act of 2002. Public Law 107-204 (116 Statute 745), United States Senate and House of Representatives in Congress (2002)
  3. Saltzer, J., Schroeder, M.: The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308 (1975)
  4. Sandhu, R.S.: Transaction Control Expressions for Separation of Duties. In: 4th IEEE Aerospace Computer Security Applications Conference, pp. 282–286 (1988)
  5. Li, N., Wang, Q.: Beyond separation of duty: An algebra for specifying high-level security policies. Journal of the ACM 55(3) (2008)
  6. Ferraiolo, D.F., et al.: Proposed NIST Standard for Role-Based Access Control. ACM Trans. on Information and System Security 4(3), 224–274 (2001)
  7. Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)
  8. Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall, Englewood Cliffs (1997)
  9. Syropoulos, A.: Mathematics of Multisets. In: Multiset Processing, pp. 347–358 (2000)
  10. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
  11. Basin, D., Burri, S.J., Karjoth, G.: Dynamic Enforcement of Abstract Separation of Duty Constraints. IBM Research Report RZ3726 (2009)
  12. Schneider, F.B.: Enforceable Security Policies. ACM Transactions on Information and System Security 3(1), 30–50 (2000)
  13. Business Process Modeling Notation (BPMN). OMG Standard, v. 1.1 (2008)
  14. Web Services Business Process Execution Language (WS-BPEL). OASIS Standard, v. 2.0 (2007)
  15. Wong, P.Y.H., Gibbons, J.: A Process-Algebraic Approach to Workflow Specification and Refinement. In: Int. Symp. on Software Composition, pp. 51–65 (2007)
  16. Gligor, V.D., Gavrila, S.I., Ferraiolo, D.: On the Formal Definition of Separation-of-Duty Policies and their Composition. In: 19th IEEE Symposium on Security and Privacy, pp. 172–183 (1998)
  17. Simon, R., Zurko, M.E.: Separation of Duty in Role-based Environments. In: 10th IEEE Workshop on Computer Security Foundations, pp. 183–194 (1997)
  18. Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security 2(1), 65–104 (1999)
  19. Knorr, K., Stormer, H.: Modeling and Analyzing Separation of Duties in Workflow Environments. In: 16th Int. Conf. on Information Security, pp. 199–212 (2001)
  20. Schaad, A., Lotz, V., Sohr, K.: A Model-checking Approach to Analysing Organisational Controls in a Loan Origination Process. In: 11th ACM Symposium on Access Control Models and Technologies, pp. 139–149 (2006)
  21. Nash, M.J., Poland, K.R.: Some Conundrums Concerning Separation of Duty. In: IEEE Symposium on Security and Privacy, pp. 201–207 (1990)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • David Basin (1)
  • Samuel J. Burri (1, 2)
  • Günter Karjoth (2)

  1. Department of Computer Science, ETH Zurich, Switzerland
  2. Zurich Research Laboratory, IBM Research, Switzerland
