Introduction#Separation of duty (SoD) is an important security principle used for prevention of fraud and errors. It is used to enforce conflict of interest policies, requiring that two or more different users be responsible for the completion of a task or set of related tasks.
Why it is Needed#The purpose of Separation of Duty in RBAC is " to ensure that failures of omission or commission within an organization are caused only as a result of collusion among individuals. To minimize the likelihood of collusion, individuals of different skills or divergent interests are assigned to separate tasks required in the performance of a business function. The motivation is to ensure that fraud and major errors cannot occur without deliberate collusion of multiple users "
The simplest form of the SoD principle states that, if a sensitive task is comprised of two steps, then different users should perform different steps. Generally, when a sensitive task is comprised of n steps, an SoD policy requires the cooperation of at least k (for some k ≤ n) different users to complete the task.
- (1) ordering the goods and recording the details of the order;
- (2) recording the arrival of the invoice and verifying that the details on the invoice match the details of the order;
- (3) verifying that the goods have been received, and the features of the goods match the details on the invoice;
- (4) authorizing the payment to the supplier against the invoice .
One may require that (a) at least three users cooperation is needed to perform all four steps, and (b) two different users perform steps (1) and (4) (i.e., no single user can order goods and authorize payment for them).
- [#1] ANSI. American National Standard for Information Technology- Role Based Access Control, ANSI INCITS 359-2004, 2004
- [#2] N. Li, Z. Bizri, and M. V. Tripunitara, On mutuallyexclusive roles and separation of duty, In Proceedings of the 11th ACM conference on Computer and communications security, pp. 42-51 ,Washington DC, USA ,2004.