When developing the security subsystem of a modern information system, the problem of jointly implementing several access control models arises quite often. Traditionally, a user's request for access to a resource is granted only when all active security policies permit it simultaneously. When the decisions of the security policies conflict, the question of whether to grant access remains open. The proposed method of combining multiple security policies is based on decision support algorithms and provides a response to the access request even when the active security policies reach different decisions. To construct the combining algorithm, we determine a number of weight coefficients, use a weighted sum of the clearance levels of the individual security policies, and apply the analytic hierarchy process. The weight coefficients are adjustable parameters of the algorithm and allow the administrator to flexibly manage the impact of the various security rules.
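The sketch below is an added illustration of the idea in the abstract, not the authors' algorithm: it derives policy weights from an analytic hierarchy process comparison matrix and combines per-policy clearance levels by weighted sum. The policy names, the 0/1 clearance levels, the 0.5 grant threshold, the row geometric-mean approximation of the priority vector, and the helper names `ahp_weights` and `combine` are all assumptions made for the example.

```python
import math

# Saaty's random consistency index for 3x3 to 5x5 comparison matrices.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}

def ahp_weights(pairwise, max_cr=0.1):
    """Derive policy weights from a reciprocal pairwise-comparison matrix."""
    n = len(pairwise)
    # Row geometric means approximate the principal eigenvector (priority vector).
    gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    weights = [g / sum(gm) for g in gm]
    # Estimate lambda_max from A*w to check the administrator's judgments.
    aw = [sum(a * w for a, w in zip(row, weights)) for row in pairwise]
    lambda_max = sum(x / w for x, w in zip(aw, weights)) / n
    cr = ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]
    if cr > max_cr:
        raise ValueError(f"inconsistent comparisons, CR={cr:.2f}")
    return weights

def combine(levels, weights, threshold=0.5):
    """Weighted sum of per-policy clearance levels; grant if it meets threshold."""
    if len(levels) != len(weights):
        raise ValueError("one clearance level per policy is required")
    score = sum(l * w for l, w in zip(levels, weights))
    return score, score >= threshold

# Constructed judgments for policies ordered [MAC, DAC, RBAC] (assumed names):
# MAC is 2x as important as DAC and 6x as important as RBAC; DAC is 3x RBAC.
PAIRWISE = [
    [1.0, 2.0, 6.0],
    [1 / 2, 1.0, 3.0],
    [1 / 6, 1 / 3, 1.0],
]

if __name__ == "__main__":
    w = ahp_weights(PAIRWISE)
    print("weights:", [round(x, 3) for x in w])
    # MAC and RBAC permit (1.0), DAC denies (0.0): a strict AND would deny.
    print("MAC+RBAC permit:", combine([1.0, 0.0, 1.0], w))
    # Only the lower-weight policies permit: the weighted sum stays below 0.5.
    print("DAC+RBAC permit:", combine([0.0, 1.0, 1.0], w))
```

Rejecting comparison matrices whose consistency ratio exceeds 0.1 keeps contradictory administrator judgments from silently shaping the access decision.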