Separation of duties as a service
Abstract
We introduce the concept of Separation of Duties (SoD) as a Service, an approach to enforcing SoD requirements on workflows and thereby preventing fraud and errors. SoD as a Service facilitates a separation of concern between business experts and security professionals. Moreover, it allows enterprises to address the need for internal controls and to quickly adapt to organizational, regulatory, and technological changes. In this paper, we describe an implementation of SoD as a Service, which extends a widely used, commercial workflow system, and discuss its performance. We present a drug dispensation workflow deployed in a hospital as a case study to demonstrate the feasibility and benefits of our proof-of-concept implementation. Copyright 2011 ACM.