A unified conflict resolution algorithm

Authors:
Amir H. Chinaei;Hamid R. Chinaei;Frank Wm. Tompa
Affiliations:
David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada;David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada;David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada
Venue:
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Year:
2007

Citing 12
Cited 0

The role graph model and conflict of interest

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A flexible authorization mechanism for relational data management systems

ACM Transactions on Information Systems (TOIS)
Protection in operating systems

Communications of the ACM
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents

ACM Transactions on Information and System Security (TISSEC)
Conflict Detection and Resolution in Access Control Policy Specifications

FoSSaCS '02 Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures
The XML web: a first study

WWW '03 Proceedings of the 12th international conference on World Wide Web
Dependencies and separation of duty constraints in GTRBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Merging Security Policies: Analysis of a Practical Example

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Compact Access Control Labeling for Efficient Secure XML Query Evaluation

ICDEW '05 Proceedings of the 21st International Conference on Data Engineering Workshops
Compressed accessibility map: efficient access control for XML

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Hybrid authorizations and conflict resolution

SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

While some authorization models support either positive or negative authorizations, hybrid frameworks take advantage of both authorizations. Resolving authorization conflicts is quite a challenge due to the existence of sophisticated inheritance hierarchies and the diversity of ways to combine resolution policies. Some researchers have addressed conflict resolution for tree-structured hierarchies, and others have applied a simple conflict resolution policy. The challenge is to combine several policies and to support sophisticated structures in one single framework. This paper proposes a unified framework together with a single parametric algorithm that supports all the legitimate combinations simultaneously, based on four conflict resolution policies. We validate our approach by testing the algorithm against both real data and synthetic examples to provide extensive experimental results.