{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:14:59Z","timestamp":1750306499653,"version":"3.41.0"},"reference-count":32,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2015,9,13]],"date-time":"2015-09-13T00:00:00Z","timestamp":1442102400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2015,10]]},"abstract":"<jats:p>Large systems are complex and typically need automatic configuration to be managed effectively. In any organization, numerous tasks have to be carried out by employees. However, due to security needs, it is not feasible to directly assign any existing task to the first available employee. In order to meet many additional security requirements, constraints such as separation of duty, cardinality and binding have to be taken into consideration. Meeting these requirements imposes extra burden on organizations, which, however, is unavoidable in order to ensure security. While a trivial way of ensuring security is to assign each user to a single task, business organizations would typically like to minimize their costs and keep staffing requirements to a minimum. To meet these contradictory goals, we define the problem of Cardinality Constrained-Mutually Exclusive Task Minimum User Problem (CMUP), which aims to find the minimum users that can carry out a set of tasks while satisfying the given security constraints. We show that the CMUP problem is equivalent to a constrained version of the weak chromatic number problem in hypergraphs, which is NP-hard. We, therefore, propose a greedy solution. Our experimental evaluation shows that the proposed algorithm is both efficient and effective.<\/jats:p>","DOI":"10.1145\/2811269","type":"journal-article","created":{"date-parts":[[2015,9,15]],"date-time":"2015-09-15T12:09:15Z","timestamp":1442318955000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Minimizing Organizational User Requirement while Meeting Security Constraints"],"prefix":"10.1145","volume":"6","author":[{"given":"Arindam","family":"Roy","sequence":"first","affiliation":[{"name":"Indian Institute of Technology, Kharagpur, India"}]},{"given":"Shamik","family":"Sural","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology, Kharagpur, India"}]},{"given":"Arun Kumar","family":"Majumdar","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology, Kharagpur, India"}]},{"given":"Jaideep","family":"Vaidya","sequence":"additional","affiliation":[{"name":"Rutgers University, USA"}]},{"given":"Vijayalakshmi","family":"Atluri","sequence":"additional","affiliation":[{"name":"Rutgers University, USA"}]}],"member":"320","published-online":{"date-parts":[[2015,9,13]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.4236\/iim.2015.71004"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295154"},{"key":"e_1_2_1_3_1","doi-asserted-by":"crossref","unstructured":"D. E. Bell and L. J. Lapadula. 1976. Secure computer system: Unified exposition and multics interpretation. Electronic Systems Division Air Force Systems Command Hanscom Field Bedford MA 01731 (1976). Technical Report. http:\/\/csrc.nist.gov\/publications\/history\/bell76.pdf.  D. E. Bell and L. J. Lapadula. 1976. Secure computer system: Unified exposition and multics interpretation. Electronic Systems Division Air Force Systems Command Hanscom Field Bedford MA 01731 (1976). Technical Report. http:\/\/csrc.nist.gov\/publications\/history\/bell76.pdf.","DOI":"10.21236\/ADA023588"},{"key":"e_1_2_1_4_1","volume-title":"Hypergraphs: Combinatorics of Finite Sets. North-Holland.","author":"Berge C.","year":"1989","unstructured":"C. Berge . 1989 . Hypergraphs: Combinatorics of Finite Sets. North-Holland. C. Berge. 1989. Hypergraphs: Combinatorics of Finite Sets. North-Holland."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300837"},{"volume-title":"Proceedings of the 1987 IEEE Symposium on Security and Privacy. 184--194","author":"Clark D. D.","key":"e_1_2_1_6_1","unstructured":"D. D. Clark and D. R. Wilson . 1987. A comparison of commercial and military computer security policies . In Proceedings of the 1987 IEEE Symposium on Security and Privacy. 184--194 . D. D. Clark and D. R. Wilson. 1987. A comparison of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy. 184--194."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1063986"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487222.2487226"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0012-365X(00)00006-6"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377838"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2445566.2445567"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.08.002"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2309117"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/266741.266749"},{"volume-title":"Handbook of Scheduling: Algorithms, Models, and Performance Analysis","author":"Leung J. Y. T.","key":"e_1_2_1_16_1","unstructured":"J. Y. T. Leung . 2004. Handbook of Scheduling: Algorithms, Models, and Performance Analysis . CRC Press . J. Y. T. Leung. 2004. Handbook of Scheduling: Algorithms, Models, and Performance Analysis. CRC Press."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1237500.1237501"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.21"},{"volume-title":"Proceedings of the 5th Annual Computer Security Applications Conference. 131--139","author":"Miller D. V.","key":"e_1_2_1_19_1","unstructured":"D. V. Miller and R. W. Baldwin . 1990. Access control by Boolean expression evaluation . In Proceedings of the 5th Annual Computer Security Applications Conference. 131--139 . D. V. Miller and R. W. Baldwin. 1990. Access control by Boolean expression evaluation. In Proceedings of the 5th Annual Computer Security Applications Conference. 131--139."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1002\/rsa.v35:2"},{"volume-title":"Proceedings of the 12th International Conference on Intelligent Systems Design and Applications. 386--391","author":"Roy A.","key":"e_1_2_1_21_1","unstructured":"A. Roy , S. Sural , and A. K. Majumdar . 2012. Minimum user requirement in role based access control with separation of duty constraints . In Proceedings of the 12th International Conference on Intelligent Systems Design and Applications. 386--391 . A. Roy, S. Sural, and A. K. Majumdar. 2012. Minimum user requirement in role based access control with separation of duty constraints. In Proceedings of the 12th International Conference on Intelligent Systems Design and Applications. 386--391."},{"volume-title":"Proceedings of the 10th International Conference on Information Systems Security. 109--128","author":"Roy A.","key":"e_1_2_1_22_1","unstructured":"A. Roy , S. Sural , and A. K. Majumdar . 2014. Impact of multiple t-t SMER constraints on minimum user requirement in RBAC . In Proceedings of the 10th International Conference on Information Systems Security. 109--128 . A. Roy, S. Sural, and A. K. Majumdar. 2014. Impact of multiple t-t SMER constraints on minimum user requirement in RBAC. In Proceedings of the 10th International Conference on Information Systems Security. 109--128."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1002\/jgt.3190090307"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/800214.806557"},{"volume-title":"Proceedings of the Computer Security Foundations Workshop. 66--79","author":"Thomas R. K.","key":"e_1_2_1_26_1","unstructured":"R. K. Thomas and R. S. Sandhu . 1994. Conceptual foundations for a model of task-based authorizations . In Proceedings of the Computer Security Foundations Workshop. 66--79 . R. K. Thomas and R. S. Sandhu. 1994. Conceptual foundations for a model of task-based authorizations. In Proceedings of the Computer Security Foundations Workshop. 66--79."},{"volume-title":"Proceedings of the IFIP International Conference on Data and Application Security and Privacy. 166--181","author":"Thomas R. K.","key":"e_1_2_1_27_1","unstructured":"R. K. Thomas and R. S. Sandhu . 1997. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management . In Proceedings of the IFIP International Conference on Data and Application Security and Privacy. 166--181 . R. K. Thomas and R. S. Sandhu. 1997. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Proceedings of the IFIP International Conference on Data and Application Security and Privacy. 166--181."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266870"},{"volume-title":"Proceedings of the 12th European Symposium on Research in Computer Security. 90--105","author":"Wang Q.","key":"e_1_2_1_29_1","unstructured":"Q. Wang and N. Li . 2007. Satisfiability and resiliency in workflow systems . In Proceedings of the 12th European Symposium on Research in Computer Security. 90--105 . Q. Wang and N. Li. 2007. Satisfiability and resiliency in workflow systems. In Proceedings of the 12th European Symposium on Research in Computer Security. 90--105."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1880022.1880034"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2744207"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2008.919168"}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2811269","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2811269","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:49Z","timestamp":1750225729000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2811269"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,9,13]]},"references-count":32,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2015,10]]}},"alternative-id":["10.1145\/2811269"],"URL":"https:\/\/doi.org\/10.1145\/2811269","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"type":"print","value":"2158-656X"},{"type":"electronic","value":"2158-6578"}],"subject":[],"published":{"date-parts":[[2015,9,13]]},"assertion":[{"value":"2014-09-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-09-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}