Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
IEEE Transactions on Software Engineering
Authorizations in relational database management systems
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Conflicts in Policy-Based Distributed Systems Management
IEEE Transactions on Software Engineering
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A stratification-based approach for handling conflicts in access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Authorization in Distributed Systems: A Formal Approach
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Policy-Based Network Management: Solutions for the Next Generation (The Morgan Kaufmann Series in Networking)
Authorisation and Conflict Resolution for Hierarchical Domains
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
A cautionary note about policy conflict resolution
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Hi-index | 0.00 |
Managing security in distributed systems requires flexible and expressive authorisation models with support for conflict resolution. Models need to be hierarchical but also non-monotonic supporting both positive and negative authorisations. In this paper, we present an approach to resolve the authorisation conflicts that inevitably occur in such models, with administrator specified conflict resolution strategies (rules). Strategies can be global or applied to specific parts of a system and dynamically loaded for different applications. We use Courteous Logic Programs (CLP) for the specification and enforcement of strategies. Authorisation policies are translated into labelled rules in CLP and prioritised. The prioritisation is regulated by simple override rules specified or selected by administrators. We demonstrate the capabilities of the approach by expressing the conflict resolution strategy for a moderately complex authorisation model that organises subjects and objects hierarchically.