Open AccessHigh Level Conflict Management Strategies in Advanced Access Control Models
Author(s) -
Frédéric Cuppens,
Nora Cuppens-Boulahia,
Meriam Ben Ghorbel
Publication year - 2007
Publication title -
electronic notes in theoretical computer science
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.242
H-Index - 60
ISSN - 1571-0661
DOI - 10.1016/j.entcs.2007.01.064
Subject(s) - decidability , computer science , access control , inheritance (genetic algorithm) , action (physics) , control (management) , subject (documents) , object (grammar) , theoretical computer science , computer security , artificial intelligence , world wide web , biochemistry , chemistry , physics , quantum mechanics , gene
pecifying a security policy that includes both permissions and prohibitions, may lead to conflicts. This corresponds to a situation where a subject is both permitted and prohibited to perform a given action on a given object. We adopt a comparative approach to investigate this problem. We first investigate access control models based on rules, called Rule-BAC, and present weaknesses that arise when we try to manage conflicts in this model. In particular, Rule-BAC models fail to provide decidable solution to redundant rules and potential conflicts problems. Then, we show how a more structured model, say OR-BAC (Organization Based Access Control), gifted with inheritance mechanism make redundant rules and potential conflict problems tractable in polynomial time
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom