{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T15:06:24Z","timestamp":1772809584722,"version":"3.50.1"},"reference-count":27,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2009,4,1]],"date-time":"2009-04-01T00:00:00Z","timestamp":1238544000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2009,4]]},"abstract":"\n We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that upon removal of any\n s<\/jats:italic>\n users, there should still exist\n d<\/jats:italic>\n disjoint sets of users such that the users in each set together possess certain permissions of interest. Such a policy ensures that even when emergency situations cause some users to be absent, there still exist independent teams of users that have the permissions necessary for carrying out critical tasks. The Resiliency Checking Problem determines whether an access control state satisfies a given resiliency policy. We show that the general case of the problem and several subcases are intractable (\n NP<\/jats:bold>\n -hard), and identify two subcases that are solvable in linear time. For the intractable cases, we also identify the complexity class in the polynomial hierarchy to which these problems belong. We discuss the design and evaluation of an algorithm that can efficiently solve instances of nontrivial sizes that belong to the intractable cases of the problem. Furthermore, we study the consistency problem between resiliency policies and static separation of duty policies. Finally, we combine the notions of resiliency and separation of duty to introduce the resilient separation of duty policy, which is useful in situations where both fault-tolerance and fraud-prevention are desired.\n <\/jats:p>","DOI":"10.1145\/1513601.1513602","type":"journal-article","created":{"date-parts":[[2009,5,19]],"date-time":"2009-05-19T16:47:42Z","timestamp":1242751662000},"page":"1-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Resiliency Policies in Access Control"],"prefix":"10.1145","volume":"12","author":[{"given":"Ninghui","family":"Li","sequence":"first","affiliation":[{"name":"Purdue University"}]},{"given":"Qihua","family":"Wang","sequence":"additional","affiliation":[{"name":"Purdue University"}]},{"given":"Mahesh","family":"Tripunitara","sequence":"additional","affiliation":[{"name":"Motorola Labs"}]}],"member":"320","published-online":{"date-parts":[[2009,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382913"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP\u201987)","author":"Clark D. D."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775419"},{"key":"e_1_2_1_4_1","unstructured":"Du D. Gu J. and Pardalos P. M. Eds. 1997. Satisfiability problem: Theory and applications. In DIMACS Series in Discrete Mathematics and Theoretical Computer Science 35. AMS Press. Du D. Gu J. and Pardalos P. M. Eds. 1997. Satisfiability problem: Theory and applications. In DIMACS Series in Discrete Mathematics and Theoretical Computer Science 35 . AMS Press."},{"key":"e_1_2_1_5_1","unstructured":"Garey M. R. and Johnson D. J. 1979. Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company. Garey M. R. and Johnson D. J. 1979. Computers and Intractability: A Guide to the Theory of NP-Completeness . W. H. Freeman and Company."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of IEEE Symposium on Research in Security and Privacy (SP\u201998)","author":"Gligor V. D."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1478873.1478928"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/501963.501966"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 7th European Symposium on Research in Computer Security (ESORICS\u201902)","author":"Koch M."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/545186.545191"},{"key":"e_1_2_1_12_1","volume-title":"Protection. In Proceedings of the 5th Princeton Conference on Information Sciences and Systems (CISS\u201971)","author":"Lampson B. W.","year":"1971"},{"key":"e_1_2_1_13_1","unstructured":"Le Berre D. 2006. SAT4J: A satisfiability library for Java. Retrieved from http:\/\/www.sat4j.org\/. Le Berre D. 2006. SAT4J: A satisfiability library for Java. Retrieved from http:\/\/www.sat4j.org\/."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030091"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/829515.830559"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/990036.990058"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/322017.322025"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of IEEE Symposium on Research in Security and Privacy (SP\u201990)","author":"Nash M. J."},{"key":"e_1_2_1_19_1","unstructured":"Papadimitriou C. H. 1994. Computational Complexity. Addison Wesley Longman. Papadimitriou C. H. 1994. Computational Complexity . Addison Wesley Longman."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the International Federation Information Processing WG11","author":"Sandhu R.","year":"1990"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/42282.42286"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.1988.113349"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/882488.884182"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 10th Computer Security Foundations Workshop (CSFW\u201997)","author":"Simon T. T."},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the European Symposium on Research in Computer Security (ESORICS\u201907)","author":"Wang Q."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1513601.1513602","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1513601.1513602","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:57:58Z","timestamp":1750255078000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1513601.1513602"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,4]]},"references-count":27,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2009,4]]}},"alternative-id":["10.1145\/1513601.1513602"],"URL":"https:\/\/doi.org\/10.1145\/1513601.1513602","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,4]]},"assertion":[{"value":"2007-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-04-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}