Research on multilevel security access control policy processing method

Access control is one of the most important means to protect the resources of multilevel security systems. So to make sure the authorization of multilevel security access control can be legally enforced, the access control policies must be correct and complete. Based on the implicit hierarchical relations between subjects and objects in multilevel security access control systems, this paper gives a method to build a unified directed acyclic graph(DAG) model (including both subjects and objects), using the partial orders based on sets. This method is easier to realize and is more utility for designing the access control model. Also based on partially ordered set, this paper proposes the algorithms for detecting policy conflicts and incomplete policies, which is embedding in the process of building DAG model. In the end, this paper verifies the correctness of the algorithm by experiment.