Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Protection in operating systems
Communications of the ACM
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Conflict Detection and Resolution in Access Control Policy Specifications
FoSSaCS '02 Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures
WWW '03 Proceedings of the 12th international conference on World Wide Web
Dependencies and separation of duty constraints in GTRBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Merging Security Policies: Analysis of a Practical Example
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Compact Access Control Labeling for Efficient Secure XML Query Evaluation
ICDEW '05 Proceedings of the 21st International Conference on Data Engineering Workshops
Compressed accessibility map: efficient access control for XML
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A unified conflict resolution algorithm
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Hi-index | 0.00 |
Numerous authorization models have been proposed in recent years. While some models support either positive or negative authorizations, hybrid models take advantage of both authorizations simultaneously. However, resolving authorization conflicts is quite a challenge in such models due to the existence of sophisticated hierarchies and diversity of types of resolution strategies. There are works that have addressed conflict resolution for tree-structured subject hierarchies. Yet, no widespread framework has been proposed for graph-based structures. A widespread resolution framework ought to provide several resolution strategies and to support sophisticated structures. Our attempt is to define such a framework. In particular, our framework resolves conflicts for subject hierarchies that form directed acyclic graphs. It also unites major resolution policies in a novel way by which thirty-two combined strategies are simultaneously expressed. We also provide parametric algorithms to support the strategies and to justify the framework with our analysis and experiments.