A Novel Permission Hierarchy for RBAC for Dealing with SoD in MAC Models

Abstract

Separation of duty (SoD) is a fundamental principle of computer security that has not been addressed sufficiently in multi-level security (MLS) mandatory access control (MAC) models, as realized through the adoption of the Bell-LaPadula (BLP) model. This is due to the lack of means at present to express SoD constraints in MAC. The primary objective of this paper is to overcome this but within a framework that allows for rigour and linguistic features to express SoD constraints, while retaining the core security properties of BLP, namely the Simple Security Property and ★-Property. To this end, we propose a formal framework which bridges the BLP model with the more general hierarchical role-based access control (RBAC) model. Our framework is based on a hierarchy of permissions that is founded on a novel concept of permission capacity, determined on the basis of the security levels that characterize objects in MLS models. Such a hierarchy naturally provides a solid basis for defining role seniority and deriving a hierarchical ordering on roles within MLS models. SoD constraints are expressed by means of conflicting permissions that give rise to mutually exclusive roles.