Conflict Detection Model of Access Control Policy in Collaborative Environment

Cross-domain interoperation based on role mapping is increasingly a representative research field for collaborative environments. However, in such an environment, authorization may still grant more or fewer permissions than the role in the role-mapping policy requires, and this situation cannot be completely avoided. This mismatch results in conflicts between access control policies (ACPs) in collaborating domains and ultimately leads to unauthorized access to resources in autonomous domains. A new method is presented to automatically detect conflicts between access control policies in a collaborative environment. The ACP conflict detection model (ACPCDM) is established, the termination of ACPCDM is proved using a pushdown automaton, and a prototype system is implemented. Finally, we validate the method experimentally; the results show that the conflict analysis report not only detects whether a conflict exists but also identifies the conflict type, its causes and its location. This makes it much easier for the administrator of each domain to resolve the conflict.
