Abstract
In this paper we present an access control model that considers both abstract and concrete access control policy specifications. Permissions and prohibitions are expressed within this model with contextual conditions. This situation may lead to conflicts. We propose a type system that is applied to the different rules in order to check for inconsistencies. If a resource is well typed, it is guaranteed that the access rules for the resource contain no conflicts.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Adi, K., Bouzida, Y., Hattak, I., Logrippo, L., Mankovskii, S. (2009). Typing for Conflict Detection in Access Control Policies. In: Babin, G., Kropf, P., Weiss, M. (eds) E-Technologies: Innovation in an Open World. MCETECH 2009. Lecture Notes in Business Information Processing, vol 26. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01187-0_17
DOI: https://doi.org/10.1007/978-3-642-01187-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01186-3
Online ISBN: 978-3-642-01187-0
eBook Packages: Computer Science, Computer Science (R0)