A Unified Conflict Resolution Algorithm

While some authorization models support either positive or negative authorizations, hybrid frameworks take advantage of both. Resolving authorization conflicts is challenging because of sophisticated inheritance hierarchies and the many ways in which resolution policies can be combined. Some researchers have addressed conflict resolution for tree-structured hierarchies, and others have applied a simple conflict resolution policy. The challenge is to combine several policies and to support sophisticated structures in a single framework. This paper proposes a unified framework together with a single parametric algorithm that supports all the legitimate combinations simultaneously, based on four conflict resolution policies. We validate our approach by testing the algorithm against both real data and synthetic examples to provide extensive experimental results.
