Abstract
Conflict detection is an important problem for access control policies. Most conflict detection tools focus on the two rules that have contrary actions, but other rules are also necessary to the conflict situation, and these tools do not consider them. This paper defines all the rules related to a conflict situation as “conflict-related rules” and presents a conflict-related rules detection tool for access control policies that reports the conflict situation more comprehensively. By giving a semantic model of the access control policy and a definition of conflict, we prove the necessary and sufficient condition for conflict, then introduce the concept of “conflict-related rules” and deduce its extension. We implement the conflict-related rules detection tool based on description logic, and the experimental results validate the tool’s correctness and effectiveness. The correctness experiment showed that, instead of detecting only the two rules with opposite actions, the tool detected all the conflict-related rules of the access control policy; the effectiveness experiment showed that our tool’s response performance is better than that of VPN based tools.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liang, X., Lv, L., Xia, C., Luo, Y., Li, Y. (2013). A Conflict-Related Rules Detection Tool for Access Control Policy. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds) Frontiers in Internet Technologies. Communications in Computer and Information Science, vol 401. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53959-6_15
DOI: https://doi.org/10.1007/978-3-642-53959-6_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-53958-9
Online ISBN: 978-3-642-53959-6
eBook Packages: Computer Science (R0)