Impact of Multiple t-t SMER Constraints on Minimum User Requirement in RBAC

Abstract

Separation of Duty (SoD) constraints are widely used to specify Role Based Access Control (RBAC) policies in commercial applications. It has been shown previously that efficient implementation of SoD policies in RBAC can be done using t-t Statically Mutually Exclusive Roles (SMER) constraints. In this paper, we present a method for finding the minimum number of users required under multiple t-t SMER constraints. The problem is shown to be NP-complete. We model the general problem using graphs, and present a two-step method for solving it. In the first step, a greedy algorithm is proposed that selects a graph which is likely to have the minimum chromatic number out of a set of graphs. The second step uses a known chromatic number finding algorithm for determining the chromatic number of the graph selected in the first step. Results for different values of the number of roles and the number of constraints as well as for different values of t have been reported.