Hybrid Authorization Conflict Detection by Inferring Partial Data in RDF Access Control

Controlling access to the resource description framework (RDF) is complex and costly because of ontology inference. Jain and Farkas suggested an instance-level authorization conflict detection algorithm in consideration of this complexity. However, their method entails significant costs because security levels are assigned in all instances, and RDF inference is actually performed for the instances. To reduce costs, an authorization-level conflict detection method was proposed. The proposed method does not assign security levels to instances but evaluates judges if there is the existence of conflicts by only verifying access authorizations based on pre-analyzed authorization conflict conditions. However, this method is based on the assumption that authorization conflict conditions should be pre-analyzed completely. In this paper, we propose a hybrid authorization conflict detection method that combines the two methods. The hybrid method does not need to pre-analyze conflict conditions perfectly such as in the authorization-level method because RDF inference is conducted directly. However, given that the hybrid method does not have to consider all instances, the conflict detection time is shorter for the hybrid method than that for the instance-level method. Experimental results also indicate that the hybrid method is feasible.