Conflict Detection and Resolution in Context-Aware Authorization

Pervasive computing environments introduce new requirements in expressiveness and flexibility of access control policies which are almost addressable leveraging contextual information. Although context-awareness augments the expressiveness of policies, it increases the probability of arising conflicts. Generally, context-aware authorizations are defined using some contextual constraints on the involved entities in an access request. Accordingly, principles like "more specific overrides", which are employed to resolve possible conflicts, are required to consider the contextual constraints. In this paper, we formalize the use of context constraints in a typical context-aware multi-authority policy model; each authority is capable of defining an expressive conflict resolution policy leveraging context-based precedence establishment principles. Based on the policy model, we propose a comprehensive graph-based approach to resolve conflicts. The strength of the approach is that conflict detection which requires context-based inference is almost done statically and resolution is left for run-time.