Hybrid Authorizations and Conflict Resolution

  • Conference paper
Secure Data Management (SDM 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4165)

Abstract

Numerous authorization models have been proposed in recent years. While some models support either positive or negative authorizations, hybrid models take advantage of both authorizations simultaneously. However, resolving authorization conflicts is quite a challenge in such models due to the existence of sophisticated hierarchies and diversity of types of resolution strategies. There are works that have addressed conflict resolution for tree-structured subject hierarchies. Yet, no widespread framework has been proposed for graph-based structures. A widespread resolution framework ought to provide several resolution strategies and to support sophisticated structures. Our attempt is to define such a framework. In particular, our framework resolves conflicts for subject hierarchies that form directed acyclic graphs. It also unites major resolution policies in a novel way by which thirty-two combined strategies are simultaneously expressed. We also provide parametric algorithms to support the strategies and to justify the framework with our analysis and experiments.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chinaei, A.H., Zhang, H. (2006). Hybrid Authorizations and Conflict Resolution. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2006. Lecture Notes in Computer Science, vol 4165. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11844662_10

  • DOI: https://doi.org/10.1007/11844662_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38984-2

  • Online ISBN: 978-3-540-38987-3

  • eBook Packages: Computer Science (R0)
