Detecting Conflicts in ABAC Policies with Rule-Reduction and Binary-Search Techniques

Author

Shu, Cheng-chun ; Yang, Erica Y. ; Arenas, Alvaro E.

Author_Institution

Inst. of Comput. Technol. (ICT), Chinese Acad. of Sci. (CAS), Beijing, China

fYear

2009

fDate

20-22 July 2009

Firstpage

182

Lastpage

185

Abstract

Attribute-based access control (ABAC) policies are effective and flexible in governing the access to information and resources in open distributed computing environments. However, ABAC policy rules are often complex making them prone to conflicts. This paper proposes an optimized method to detect the conflicts between statistically conflicting rules in an ABAC policy. This method includes two optimization techniques: rule reduction and binary-search. The first technique reduces the rules into a set of compact, semantically equivalent rules through removing redundant information among the rules. The binary-search technique is then applied to discover the conflicts among them.

Keywords

authorisation; grid computing; optimisation; search problems; attribute-based access control; binary search techniques; conflict detection; open distributed computing environments; optimization method; rule reduction; Access control; Computers; Content addressable storage; Control systems; Databases; Distributed computing; Information security; Optimization methods; Resource management; Web services; Access Contrl; Attribute-Based Access Control; Conflict Analysis; Rule Reduction;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on

Conference_Location

London

Print_ISBN

978-0-7695-3742-9

Electronic_ISBN

978-0-7695-3742-9

Type

conf

DOI

10.1109/POLICY.2009.22

Filename

5197406