n South African Computer Journal - Conflict analysis as a means of enforcing static separation of duty requirements in workflow environments

Volume 2000, Issue 26
  • ISSN : 1015-7999
  • E-ISSN: 2313-7835



The increasing reliance on information technology to support business processes has emphasised the need for information security mechanisms. This, however, has resulted in an ever-increasing workload in terms of security administration. Policy-based approaches have been proposed, promising to lighten the workload of security administrators. Separation of duty is one of the principles cited as a requirement when setting up these policy-based mechanisms. Different types of separation of duty policies exist. They can be categorised into policies that can be enforced at administration time, viz. static separation of duty requirements and policies that can be enforced only at execution time, viz. dynamic separation of duty requirements. This paper deals with specifying static separation of duty requirements in role-based workflow environments. It proposes a mathematical model based on the concept of "Sconflicting entities"T to express static separation of duty requirements. It provides a detailed explanation of the integrity checking that must take place at administration time to ensure that specified separation of duty requirements are honoured.

Loading full text...

Full text loading...


Article metrics loading...


This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error