Title :
Detecting Conflicts in ABAC Policies with Rule-Reduction and Binary-Search Techniques
Author :
Shu, Cheng-chun ; Yang, Erica Y. ; Arenas, Alvaro E.
Author_Institution :
Inst. of Comput. Technol. (ICT), Chinese Acad. of Sci. (CAS), Beijing, China
Abstract :
Attribute-based access control (ABAC) policies are effective and flexible in governing the access to information and resources in open distributed computing environments. However, ABAC policy rules are often complex making them prone to conflicts. This paper proposes an optimized method to detect the conflicts between statistically conflicting rules in an ABAC policy. This method includes two optimization techniques: rule reduction and binary-search. The first technique reduces the rules into a set of compact, semantically equivalent rules through removing redundant information among the rules. The binary-search technique is then applied to discover the conflicts among them.
Keywords :
authorisation; grid computing; optimisation; search problems; attribute-based access control; binary search techniques; conflict detection; open distributed computing environments; optimization method; rule reduction; Access control; Computers; Content addressable storage; Control systems; Databases; Distributed computing; Information security; Optimization methods; Resource management; Web services; Access Contrl; Attribute-Based Access Control; Conflict Analysis; Rule Reduction;
Conference_Titel :
Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on
Conference_Location :
London
Print_ISBN :
978-0-7695-3742-9
Electronic_ISBN :
978-0-7695-3742-9
DOI :
10.1109/POLICY.2009.22
