Separation-of-Duty (SoD) is a fundamental security principle for prevention of fraud and errors in computer security. It has been studied extensively in traditional access control models. However, the research of SoD policy in the recently proposed usage control (UCON) model has not been well studied. This paper formulates and studies the fundamental problem of static enforcement of static SoD (SSoD) policies in the context of UCONA, a sub-model of UCON only considering authorizations. Firstly, we define a set-based specification of SSoD policies, and the safety checking problem for SSoD in UCONA. Secondly, we study the problem of determining whether an SSoD policy is enforceable. Thirdly, we show that it is intractable (coNP-complete) to direct statically enforce SSoD policies in UCONA, while checking whether a UCONA state satisfies a set of static mutually exclusive attribute (SMEA) constraints is efficient, which provides a justification for using SMEA constraints to enforce SSoD policies. Finally, we introduce a indirect static enforcement for SSoD policies in UCONA. We show how to generate the least restrictive SMEA constraints for enforcing SSoD policies in UCONA, by using the attribute-level SSoD requirement as an intermediate step. The results are fundamental to understanding SSoD policies in UCON.

Secure access is one of the key concerns of wireless sensor networks (WSNs). In WSNs, because there are many dynamically mutable attributes, continuous access decisions and dynamic attribute updates should be important properties of access control. In addition, WSNs need low-complexity authentication protocols because of the constrained resources. However, the authentication protocols of most current security access schemes have relatively high complexity. More importantly, the access control models of existing schemes cannot provide attribute mutability and continuous decisions dynamically. To address above issues, we propose a dynamic secure access mechanism for WSNs. Firstly, we design a lightweight secure authentication protocol and dynamic access control based on security token and usage control (UCON), respectively. Then, the agent technology is adopted to implement the proposed secure access scheme. Secondly, we analyze the probability of the dynamic attribute update and decisions. Thirdly, we implement an instance of UCON. The implementation results indicate the feasibility of using UCON in WSNs. Finally, by evaluating and comparing with current schemes, the authentication protocol in our scheme presents several advantages including the low expenses in calculation, storage and communication. To our best knowledge, this paper is the first to realize next generation dynamic access control with attribute mutability and continuous decisions in WSNs.