The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Protection in operating systems
Communications of the ACM
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Conflict Detection and Resolution in Access Control Policy Specifications
FoSSaCS '02 Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures
WWW '03 Proceedings of the 12th international conference on World Wide Web
Dependencies and separation of duty constraints in GTRBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Merging Security Policies: Analysis of a Practical Example
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Compact Access Control Labeling for Efficient Secure XML Query Evaluation
ICDEW '05 Proceedings of the 21st International Conference on Data Engineering Workshops
Compressed accessibility map: efficient access control for XML
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Hybrid authorizations and conflict resolution
SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
Hi-index | 0.00 |
While some authorization models support either positive or negative authorizations, hybrid frameworks take advantage of both authorizations. Resolving authorization conflicts is quite a challenge due to the existence of sophisticated inheritance hierarchies and the diversity of ways to combine resolution policies. Some researchers have addressed conflict resolution for tree-structured hierarchies, and others have applied a simple conflict resolution policy. The challenge is to combine several policies and to support sophisticated structures in one single framework. This paper proposes a unified framework together with a single parametric algorithm that supports all the legitimate combinations simultaneously, based on four conflict resolution policies. We validate our approach by testing the algorithm against both real data and synthetic examples to provide extensive experimental results.