Conflicts analysis and resolution for access control policies

Author

Wang, Yigong ; Zhang, Hongqi ; Dai, Xiangdong ; Liu, Jiang

Author_Institution

Henan Key Lab. of Inf. Security, Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China

fYear

2010

fDate

17-19 Dec. 2010

Firstpage

264

Lastpage

267

Abstract

Access control is the central mechanism for achieving security requirements in information systems. The guarantee of the security requirements, described by access control policies (ACPs), cannot be obtained when there exist conflicts in ACPs. In this paper, we propose an improved access control model that is flexible and effective for conflict analysis of ACPs. We analyze three types of policy conflicts in this model, which are modality conflict, redundancy conflict and potential conflict, and then the respective resolution methods are proposed. Finally, we prove that these methods can effectively resolve conflicts in ACPs, and that after resolving the potential conflicts, the policies cannot derive any actual conflict.

Keywords

authorisation; information systems; ACP; access control model; access control policy; central mechanism; conflict resolution; conflicts analysis; information systems; modality conflict; potential conflict; redundancy conflict; security requirements; Analytical models; Authorization; Computer architecture; Information systems; Redundancy; access control policy; conflict analysis; conflict resolution; policy conflict;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on

Conference_Location

Beijing

Print_ISBN

978-1-4244-6942-0

Type

conf

DOI

10.1109/ICITIS.2010.5689459

Filename

5689459