Detecting conflicts in ABAC policies with rule-reduction and binary-search techniques

Authors:
Cheng-chun Shu;Erica Y. Yang;Alvaro E. Arenas
Affiliations:
Institute of Computing Technology, Chinese Academic of Science, Beijing, P. R. China;E-Science Centre, STFC Rutherford Appleton Laboratory, Didcot, Oxjordshire, UK;E-Science Centre, STFC Rutherford Appleton Laboratory, Didcot, Oxjordshire, UK
Venue:
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Year:
2009

Citing 4
Cited 0

An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
A uniform framework for regulating service access and information release on the web

Journal of Computer Security
Certificate-based authorization policy in a PKI environment

ACM Transactions on Information and System Security (TISSEC)
Consolidating the access control of composite applications and workflows

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Attribute-based access control (ABAC) policies are effective and flexible in governing the access to information and resources in open distributed computing environments. However, ABAC policy rules are often complex making them prone to conflicts. This paper proposes an optimized method to detect the conflicts between statistically conflicting rules in an ABAC policy. This method includes two optimization techniques: rule reduction and binary-search. The first technique reduces the rules into a set of compact, semantically equivalent rules through removing redundant information among the rules. The binary-search technique is then applied to discover the conflicts among them.