Explanations and Relaxations for Policy Conflicts in Physical Access Control

Physical access control policies define sets of rulesthat govern people´s access to physical resources such asrooms and buildings. While simple decision-precedence can be used to reconcile different rules that result in conflicting access decisions, the presence of rule conflicts and other rule anomalies can make it difficult for a policy-administrator to comprehend and effectively manage complex policies. In this paper we are concerned with discovering conflicts and computing relaxations of access policies in order to eliminate conflicting rule instances. We propose several SAT based encodings in which these rule conflicts and anomalies areexpressed as explanation style problems. Relaxation techniques are in turn used to eliminate these anomalies by recommending what rules have to be revoked or what permissions have to beremoved from which rules. Moreover, we discuss a relaxation strategy that preserves most of the access constraints of theoriginal policy. Finally we provide a preliminary performancestudy of our techniques. Our approach is applicable to access control policies in general.