Enforcing separation of duty in attribute based access control systems

Sadhana Jha, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations


Conventional access control models like discretionary access control and role based access control are suitable for regulating access to resources by known users of an organization. However, for systems where the user population is dynamic and the identities of all users are not known in advance, attribute based access control (ABAC) can be more conveniently used. The set of constraints supported by an access control model acts as a deciding factor for the type of restrictions it can put on unauthorized access. Among the various types of constraints, enforcement of Separation of Duty (SoD) is considered to be the most important in any commercial application. In this paper, we introduce the problem of SoD enforcement in the context of ABAC. We analyze the complexity of the problem and provide a methodology for solving it.Experiments on a wide range of data sets show encouraging results.

Original languageEnglish (US)
Title of host publicationInformation Systems Security - 11th International Conference, ICISS 2015, Proceedings
EditorsSushil Jajodia, Chandan Mazumdar
PublisherSpringer Verlag
Number of pages18
ISBN (Print)9783319269603
StatePublished - 2015
Event11th International Conference on Information Systems Security, ICISS 2015 - Kolkata, India
Duration: Dec 16 2015Dec 20 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other11th International Conference on Information Systems Security, ICISS 2015

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


  • Attribute based access control
  • Mutually exclusive policies
  • Policy enforcement
  • Separation of duty


Dive into the research topics of 'Enforcing separation of duty in attribute based access control systems'. Together they form a unique fingerprint.

Cite this