Abstract
A high-level security policy states an overall safety requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. Recently, Li and Wang proposed an algebra for specifying a wide range of high-level security policies with both qualification and quantity requirements on users who perform a task. In this paper, we study the problem of direct static enforcement of high-level security policies expressed in this algebra. We formally define the notion of a static safety policy, which requires that every set of users together having all permissions needed to complete a sensitive task must contain a subset that satisfies the corresponding security requirement expressed as a term in the algebra. The static safety checking problem asks whether an access control state satisfies a given high-level policy. We study several computational problems related to the static safety checking problem, and design and evaluate an algorithm for solving the problem.
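The static safety condition defined above can be made concrete with a small brute-force checker. The following is an added example, not code from the paper or from Li and Wang's work: it uses a simplified term algebra constructed for illustration (atoms naming a role, an "or", a conjunction that allows the two sub-teams to overlap, and a disjoint conjunction that models separation of duty; these operators are an assumption and do not reproduce the paper's algebra), an RBAC-style state in which users hold roles and roles grant permissions (also an assumption), and the sample users, roles and task are constructed. It enumerates every user set that collectively holds all permissions the task needs and reports the first one containing no subset that satisfies the term, which is exactly a witness that the state is not statically safe.

```python
from __future__ import annotations
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, Optional, Set, Union

# Simplified term algebra (constructed for this example; the operator set is an
# assumption and does not reproduce Li and Wang's algebra exactly).
@dataclass(frozen=True)
class Atom:        # satisfied by exactly one user who holds `role`
    role: str

@dataclass(frozen=True)
class Or:          # satisfied if the user set satisfies either sub-term
    left: Term
    right: Term

@dataclass(frozen=True)
class Both:        # users = X1 ∪ X2, X1 satisfies left, X2 satisfies right; overlap allowed
    left: Term
    right: Term

@dataclass(frozen=True)
class Disjoint:    # as Both, but X1 ∩ X2 = ∅ (separation of duty: two different people)
    left: Term
    right: Term

Term = Union[Atom, Or, Both, Disjoint]
UserRoles = Dict[str, Set[str]]   # user -> roles held        (assumed state model)
RolePerms = Dict[str, Set[str]]   # role -> permissions granted

def subsets(users: Iterable[str]) -> Iterable[FrozenSet[str]]:
    """All subsets of `users`, smallest first (exponential, fine for toy states)."""
    items = sorted(users)
    return (frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r))

def satisfies(users: FrozenSet[str], term: Term, user_roles: UserRoles) -> bool:
    """Does the user set `users` satisfy `term`?"""
    if isinstance(term, Atom):
        return len(users) == 1 and term.role in user_roles[next(iter(users))]
    if isinstance(term, Or):
        return satisfies(users, term.left, user_roles) or satisfies(users, term.right, user_roles)
    # Both / Disjoint: try every way of carving X1 out of `users`.
    for x1 in subsets(users):
        if not satisfies(x1, term.left, user_roles):
            continue
        rest = users - x1
        if isinstance(term, Disjoint):
            candidates = [rest]                            # X2 is exactly the remainder
        else:
            candidates = [rest | s for s in subsets(x1)]   # X2 covers the remainder, may reuse X1
        if any(satisfies(x2, term.right, user_roles) for x2 in candidates):
            return True
    return False

def permissions_of(users: Iterable[str], user_roles: UserRoles, role_perms: RolePerms) -> Set[str]:
    """Union of the permissions the users hold through their roles."""
    return set().union(*(role_perms.get(r, set()) for u in users for r in user_roles[u]))

def find_violation(task_perms: Set[str], policy: Term,
                   user_roles: UserRoles, role_perms: RolePerms) -> Optional[FrozenSet[str]]:
    """Static safety check: return a user set that together holds every permission the
    task needs yet contains no subset satisfying `policy`; None if the state is safe."""
    for team in subsets(user_roles):
        if not task_perms <= permissions_of(team, user_roles, role_perms):
            continue   # cannot complete the task, so the policy places no demand on it
        if not any(satisfies(x, policy, user_roles) for x in subsets(team)):
            return team   # smallest witness, since subsets are enumerated smallest first
    return None

# Constructed sample state: a payment must be prepared by a clerk and approved by a manager.
ROLE_PERMS: RolePerms = {"clerk": {"prepare"}, "manager": {"approve"}}
TASK = {"prepare", "approve"}
SOD_POLICY = Disjoint(Atom("clerk"), Atom("manager"))      # two distinct users
DUAL_ROLE_STATE: UserRoles = {"alice": {"clerk"}, "bob": {"manager"}, "carol": {"clerk", "manager"}}
SAFE_STATE: UserRoles = {"alice": {"clerk"}, "bob": {"manager"}, "carol": {"clerk"}}

if __name__ == "__main__":
    print("dual-role state violation:", find_violation(TASK, SOD_POLICY, DUAL_ROLE_STATE, ROLE_PERMS))
    print("safe state violation:     ", find_violation(TASK, SOD_POLICY, SAFE_STATE, ROLE_PERMS))
```

In the constructed state where carol holds both roles, she alone can prepare and approve, and the singleton set containing her has no subset satisfying the disjoint term, so the checker returns that set as the violation; once the dual assignment is removed, every set able to complete the task contains a clerk and a different manager and the state is safe. Swapping the disjoint conjunction for the overlapping one makes the dual-role state safe again, which is the qualification-versus-quantity distinction the abstract draws. The enumeration is exponential in the number of users, which is why the paper treats the complexity of static safety checking as a problem in its own right rather than relying on brute force.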