Minimum user requirement in Role Based Access Control with Separation of Duty constraints

Abstract

Constraints, specifically Separation of Duty (SoD) constraints, constitute an essential component for specifying Role Based Access Control (RBAC) policies. While it has been shown earlier that SoD constraints can be effectively represented using a set of t - t Statically Mutually Exclusive Roles (SMER) constraints, this paper presents a method for finding minimum number of users under multiple SMER constraints. We show that one way of solving the problem is to evaluate chromatic numbers for a set of graphs. However, since exhaustive search is computationally quite expensive, we present a genetic algorithm formulation of the problem. Each chromosome is a string of positive integers within a certain range and its length equals the number of t-t SMER constraints in the system. We report our results for different values of the number of roles and the number of constraints and also for different values of t.