Abstract
A separation of duty policy requires a sensitive task to be performed by a team of at least k users.
It states a high-level requirement about the task without the need to refer to individual steps in the task.
While extremely important and widely used, separation of duty policies cannot capture qualification
requirements on users involved in the task. In this paper, we introduce a novel algebra that enables the
specification of high-level policies that combine user qualification requirements with separation of duty
considerations. A high-level policy associates a task with a term in the algebra and requires that all
sets of users that perform the task satisfy the term. Our algebra has four operators. We give the syntax
and semantics of the algebra and study algebraic properties of these operators. We also study several
computational problems related to the algebra. As our algebra is about the general concept of sets of
sets, we conjecture that it will prove to be useful in other contexts as well.
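The abstract describes the mechanism only at a high level: a task is bound to a term, and every set of users that performs the task must satisfy that term. The following is an added illustration (not code from the paper, and not its four operators) of how such a term language can combine a qualification atom with a separation of duty combinator. The constructors `role`, `either`, `apart` and `at_least`, the semantics that an atom is satisfied by exactly one user and that `apart` requires a split of the user set into two disjoint parts, and the `USER_ROLES` sample are all assumptions made for this example.

```python
from itertools import combinations

# Constructed sample data: which qualifications (roles) each user holds.
USER_ROLES = {
    "alice": {"clerk", "manager"},
    "bob": {"clerk"},
    "carol": {"manager"},
    "dave": {"auditor"},
}

# Illustrative term constructors (assumed names; not the paper's operators).
def role(r):
    """Atom: satisfied only by a set of exactly one user who holds role r."""
    return ("role", r)

def either(a, b):
    """Satisfied by a user set that satisfies a, or one that satisfies b."""
    return ("or", a, b)

def apart(a, b):
    """Separation of duty: the user set must split into two disjoint parts,
    one satisfying a and the other satisfying b, so nobody covers both."""
    return ("apart", a, b)

def at_least(k, r):
    """k-user separation of duty: at least k different users holding role r,
    built by nesting apart() over k copies of the role atom."""
    term = role(r)
    for _ in range(k - 1):
        term = apart(role(r), term)
    return term

def satisfies(term, users, roles=USER_ROLES):
    """Does the set `users` satisfy `term`? Every member of the set must be
    accounted for by some atom, so padding a team with bystanders does not help."""
    users = frozenset(users)
    kind = term[0]
    if kind == "role":
        if len(users) != 1:
            return False
        (u,) = users
        return term[1] in roles.get(u, set())
    if kind == "or":
        return satisfies(term[1], users, roles) or satisfies(term[2], users, roles)
    if kind == "apart":
        # Exhaustive search over two-way partitions; acceptable for team-sized sets.
        for size in range(len(users) + 1):
            for left in combinations(sorted(users), size):
                left = frozenset(left)
                if satisfies(term[1], left, roles) and satisfies(term[2], users - left, roles):
                    return True
        return False
    raise ValueError(f"unknown term kind {kind!r}")

def violations(term, executions, roles=USER_ROLES):
    """A high-level policy binds a task to a term and requires every user set
    that performed the task to satisfy it; return the sets that did not."""
    return [tuple(sorted(u)) for u in executions if not satisfies(term, u, roles)]

if __name__ == "__main__":
    # "A clerk and a different manager must both take part."
    policy = apart(role("clerk"), role("manager"))
    # Constructed execution log: which user sets actually performed the task.
    log = [{"alice", "bob"}, {"alice"}, {"bob", "dave"}]
    print("violations:", violations(policy, log))
```

Note that `{"alice"}` alone violates `apart(role("clerk"), role("manager"))` even though alice holds both roles: that is exactly the separation of duty requirement that a pure qualification check would miss, and `at_least(k, r)` shows the classic k-user rule expressed in the same term language.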