Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems

Published

Author(s)

David R. Kuhn

Abstract

Role-based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent that MLS system properties have. This paper explores some aspects of mutual exclusion of roles as a means of implementing separation of duty policies, including a safety property for separation of duty; relationships between different types of exclusion rules; properties of mutual exclusion for roles; constraints on the role hierarchy introduced by mutual exclusion rules; and necessary and sufficient conditions for the safety property to hold. Results have implications for implementing separation of duty controls through mutual exclusion of roles, and for comparing mutual exclusion with other means of implementing separation of duty policies.
Proceedings Title
Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC '97)
Conference Dates
November 6-7, 1997
Conference Location
Fairfax, VA
Conference Title
Second ACM Workshop on Role-Based Access Control (RBAC '97)

Keywords

access control, RBAC, Role-Based Access Control, separation of duty

Citation

Kuhn, D. (1997), Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems, Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC '97), Fairfax, VA, [online], https://doi.org/10.1145/266741.266749 (Accessed April 26, 2024)
Created November 7, 1997, Updated November 10, 2018