Abstract
Separation of Duty (SoD) is widely recognized to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In Role-Based Access Control (RBAC), Statically Mutually Exclusive Role (SMER) constraints are used to enforce SSoD policies. This paper studies the problem of generating sets of constraints that (a) enforce a set of SSoD policies, (b) are compatible with the existing role hierarchy, and (c) are minimal in the sense that there is no other constraint set that is less restrictive and satisfies (a) and (b).