Typing for Conflict Detection in Access Control Policies

  • Conference paper
E-Technologies: Innovation in an Open World (MCETECH 2009)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 26)

Abstract

In this paper, we present an access control model that considers both abstract and concrete access control policy specifications. Permissions and prohibitions are expressed within this model with contextual conditions. This situation may lead to conflicts. We propose a type system that is applied to the different rules in order to check for inconsistencies. If a resource is well typed, it is guaranteed that access rules to the resource contain no conflicts.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Adi, K., Bouzida, Y., Hattak, I., Logrippo, L., Mankovskii, S. (2009). Typing for Conflict Detection in Access Control Policies. In: Babin, G., Kropf, P., Weiss, M. (eds) E-Technologies: Innovation in an Open World. MCETECH 2009. Lecture Notes in Business Information Processing, vol 26. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01187-0_17

  • DOI: https://doi.org/10.1007/978-3-642-01187-0_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01186-3

  • Online ISBN: 978-3-642-01187-0

  • eBook Packages: Computer Science, Computer Science (R0)
