Abstract
While some authorization models support either positive or negative authorizations, hybrid frameworks take advantage of both authorizations. Resolving authorization conflicts is quite a challenge due to the existence of sophisticated inheritance hierarchies and the diversity of ways to combine resolution policies. Some researchers have addressed conflict resolution for tree-structured hierarchies, and others have applied a simple conflict resolution policy. The challenge is to combine several policies and to support sophisticated structures in one single framework. This paper proposes a unified framework together with a single parametric algorithm that supports all the legitimate combinations simultaneously, based on four conflict resolution policies. We validate our approach by testing the algorithm against both real data and synthetic examples to provide extensive experimental results.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chinaei, A.H., Chinaei, H.R., Tompa, F.W. (2007). A Unified Conflict Resolution Algorithm. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_1
DOI: https://doi.org/10.1007/978-3-540-75248-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75247-9
Online ISBN: 978-3-540-75248-6
eBook Packages: Computer Science (R0)