Jianfeng Lu,Ruixuan Li,Jinwei Hu,Dewu Xu

DOI: https://doi.org/10.1186/1687-1499-2011-101

2011-01-01

EURASIP Journal on Wireless Communications and Networking

Abstract:Policy inconsistencies may arise between safety and utility policies due to their opposite objectives. In this work we provide a formal examination of policy inconsistencies resolution for the coexistence of static separation-of-duty (SSoD) policies and strict availability (SA) policies. Firstly, we reduce the complexity of reasoning about policy inconsistencies by static pruning technique and minimal inconsistency cover set. Secondly, we present a systematic methodology for measuring safety loss and utility loss, and evaluate the safety-utility tradeoff for each choice. Thirdly, we present two prioritized-based resolutions to deal with policy inconsistencies based on safety-utility tradeoff. Finally, experiments show the effectiveness and efficiency of our approach.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ebiss.2009.5138002

2009-01-01

Abstract:Access control becomes more and more essential for safe and security access to the system resources. Role based access control policy widely used in industry enterprise systems nowadays is a statement which specifies the rules about how to setup the process for granting or denying authorizations. It is extremely important to make sure that there is no inconsistency of an access control policy, since otherwise it may conceal the security danger or even break down the entire access control system. In this paper, we analyze the inconsistencies of role based access control policy, and give the formal definition for the inconsistency. We then propose an inconsistency checking algorithm to detect the inconsistencies of a role based access control policy.

Ruixuan Li,Jianfeng Lu,Zhengding Lu,Xiaopu Ma

DOI: https://doi.org/10.1587/transinf.e93.d.491

2010-01-01

IEICE Transactions on Information and Systems

Abstract:The safety and availability policies are very important in an access control system for ensuring security and success when performing a certain task. However, conflicts may arise between safety and availability policies due to their opposite focuses. In this paper, we address the problem of consistency checking for safety and availability policies, especially for the co-existence of static separation-of-duty (SSoD) policies with availability policies, which determines whether there exists an access control state that satisfies all of these policies. We present criteria for determining consistency with a number of special cases, and show that the general case and partial subcases of the problem are intractable (NP-hard) and in the Polynomial Hierarchy NPNP. We design an algorithm to efficiently solve the nontrivial size instances for the intractable cases of the problem. The running example shows the validity of the proposed algorithm. The investigation will help the security officer to specify reasonable access control policies when both safety and availability policies coexist.

任占阳,望育梅,张琳

DOI: https://doi.org/10.3969/j.issn.1673-1131.2010.01.003

2010-01-01

Abstract:In resource control platforms,such as PCC(Policy and Charging Control) and RACS(Resource and Admission Control Subsystem),the functions of resource control and charging are achieved based on policies. In these systems,how to detect policy conflicts exactly and resolve it effectively becomes a critical problem for policy control. In this paper,based on the analysis of classification and detection of policy conflicts,the drawback in present methods of resolving policy conflicts is discussed,and a new approach based on priority is provided further.

Mingjie Yu,Fenghua Li,Nenghai Yu,Xiao Wang,Yunchuan Guo

DOI: https://doi.org/10.1016/j.dcan.2022.09.002

IF: 6.348

2022-10-01

Digital Communications and Networks

Abstract:Policy conflicts may cause substantial economic losses. Although a large amount of effort has been spent on detecting intra-domain policy conflict, it can not detect conflicts of heterogeneous policies. In this paper, considering background knowledge, we propose a conflict detection mechanism to search and locate conflicts of heterogeneous policies. First, we propose a general access control model to describe authorization mechanisms of cloud service and a translation scheme designed to translate a cloud service policy to an Extensible Access Control Markup Language (XACML) policy. Then the scheme based on Multi-terminal Multi-data-type Interval Decision Diagram (MTMIDD) and Extended MTMIDD (X-MTMIDD) is designed to represent XACML policy and search the conflict among heterogeneous policies. To reduce the rate of false positives, the description logic is used to represent XACML policy and eliminate false conflicts. Experimental results show the efficiency of our scheme.

telecommunications

XJ Li,XS Qiu,LM Meng

2004-01-01

Abstract:In policy based network management systems, policy conflicts can arise due to omissions, errors or conflicting requirements of the administrators in the process of editing policies. Though various methods of policy conflicts detection and resolution are proposed, the fundamental thing is to avoid policy conflict for policy conflict detection and resolution is often computationally expensive. In this paper a method based on relative priority between policies is proposed for conflict avoiding in the process of editing policies.

Nguyen Minh Hoang,Ha Xuan Son

DOI: https://doi.org/10.1145/3309074.3309097

2019-01-01

Abstract:Access control is a security technique that specifies access rights to resources in a cloud computing environment. As information in cloud systems nowadays become more complex, it plays an important role in authenticating and authorizing users and preventing an attacker from targeting sensitive information. However, in recent years, with the popularity of the Internet as social network, IoTs which deploy in cloud platforms for sharing data in real-time, more and more challenges have been exposed. For example, the access control mechanism must be able to guarantee fine-grained access control, privacy protection, conflicts and redundancies handle between rules of the same policy or between different policies. In this paper, we proposed an access control model based on attribute that incorporates a policy model based on the combining algorithm and prioritization of functions to resolve conflicts at a fine-grained level called "Dynamic model for fine-grained policy conflict resolution". Experiments are carried out to illustrate the relationship between the processing time for the traditional approach (single policy, multi-policy without priority) and our approach (multi-policy with priority). Experimental results show that the evaluation performance satisfies the privacy requirements defined by the user.

Baoping Wang,Guang Zhao,Jun Liu,Xingang Zhang

DOI: https://doi.org/10.1109/nswctc.2010.73

2010-01-01

Abstract:A separation-of-duty (SoD) policy requires a sensitive task to be performed by a set of users of size no less than some threshold. Such focus on safety properties probably stems from the fact that access control has been mostly viewed as a tool for restricting access. An equally important aspect of access control is the availability properties about enabling access. One example is an availability policy, which states that the cooperation of at most a certain number of users is required to successfully complete a task. In many situations, both safety and availability properties are required in the context of access control, though conflicts may arise due to their opposite focuses. In this paper, we combine a static SoD policy and an availability policy to introduce the available static SoD (ASSoD) policies to capture both of the safety and availability properties. We present the computational complexity of the satisfy checking problem of ASSoD policies, and show that it is intractable (both coNP-complete and NPcomplete) to checking whether an access control state satisfy an ASSoD policy. We also show that not all size-2 ASSoD policy set are composable, and study the composition properties of ASSoD policies.

张明生,杨静

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.08.024

2008-01-01

Computer Science

Abstract:The conflict detection and resolution are important issues in authorization of an access control model.Our research on these problems is performed by using comparative approach.We first investigate the authorization system specification based on logic program,then analyze authorization conflicts resolution based on traditional priority and organization through the explanation of an example on the health care sector,finally we propose a conflict resolution schema for exceptional conflicts in high level authorization specification by using the logic program LPOD(Logic Program with Ordered Disjunction).

Gang Liu,Wenxian Pei,Yumin Tian,Chen Liu,Shancang Li

DOI: https://doi.org/10.1016/j.jii.2021.100200

IF: 11.718

2021-01-01

Journal of Industrial Information Integration

Abstract:Attributed-based access control (ABAC) is widely used in systems with large resources and users such as the Industrial Internet of Things (IIoT), Industrial information integration system, and so on. Attribute-based security policy is highly flexible and expressive, but conflicts between policies occur frequently, affecting the security and availability of the system. Based on analyzing the ABAC security policies represented by the eXtensible Access Control Markup Language (XACML), this study proposes a formal definition of explicit conflicting rules, probable-conflicting rules, and never-conflicting rules. Also, we found that conflicts occur on a pair of rules in which attribute expressions have overlapping values and that be applied to the same request. A new conflict detection method is proposed in which implicit conflicting rules are converted to explicit conflicting rules by completing the absent attribute expressions and then compare all the rules in pairs to detect all the probable conflicting rules in a rule set. In this way, we can analyze the conflicting probability of each pair of policy rules. Furthermore, we define two metrics to evaluate the conflict level of a rule set. Experiment results show that implicit conflicting rules are more numerous than explicit conflicting rules in the policy set. Also, with an increase in the number of attribute expressions in each rule, the conflicting level of a rule set is significantly reduced, which provides a reference for policymaking. With this method, administrators can formulate more robust and efficient security policies, improve the security and availability of systems.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.a0820366

2009-01-01

Journal of Zhejiang University SCIENCE A

Abstract:The specification of authorization policies in access control models proposed so far cannot satisfy the requirements in workflow management systems (WFMSs). Furthermore, existing approaches have not provided effective conflict detection and resolution methods to maintain the consistency of authorization polices in WFMSs. To address these concerns, we propose the definition of authorization policies in which context constraints are considered and the complicated requirements in WFMSs can be satisfied. Based on the definition, we put forward static and dynamic conflict detection methods for authorization policies. By defining two new concepts, the precedence establishment rule and the conflict resolution policy, we provide a flexible approach to resolving conflicts.

Hongyan Yao,Mingchu Li

2010-01-01

Abstract:Logic-based anthorization has been arisen in recent years and to reasonpolicy for getting authorization decision is of central position in it. Howeverthere may have a policy inconsistency problem dnring the process of policycombination if policy contains negative rules. This problem will make policydeduction time-consnming and authorization decision intractable. To solve thisproblem, the paper presents a logic-based approach for reasoning policy to getanthorization decision even though the policy is inconsistent. The approachadopts the operation of replacement and combination to adjust policy consistentat first, and then follows the result to reason policy for final decision. Thealgorithm for final decision runs in polynomial-time Omicron;(n2T/2).It is almost the same with Ο(Mn2T) in PolicyMaker TrustManagement System, but in which negative rules are excluded. ICIC International © 2010.

XIE Rongna,LI Hui,SHI Guozhen,GUO Yunchuan

DOI: https://doi.org/10.11959/j.issn.1000-436x.2020035

2020-01-01

Abstract:Aiming at the severe challenges of access control policy redundancy and conflict detection,the efficiency of access control policy evaluation in complex network environment,an attribute-based lightweight reconfigurable access control policy was proposed.Taking the attribute-based access control policy as an example,the attribute-based access control policy was divided into multiple disjoint atomic access control rules according to the operation type,subject attribute,object attribute,and environment attribute in the access control policy.Complex access control policies were constructed through atomic access control rules and an algebraic expression formed by AND,OR logical relationships.A method for redundancy and collision detection of atomic access control rules was proposed.A method was proposed for decompose a complex access control policy into equivalent atomic access control rules and an algebraic expression.The method for redundancy and collision detection of complex access control policies were proposed through redundancy and collision detection of equivalent atomic access control rules and algebraic expressions.From time complexity and space complexity,the efficiency of the equivalent transformation access control policy was evaluated.It showes that the reconstruction method for access control policy greatly reduces the number,size and complexity of access control policy,improves the efficiency of access control policy redundancy and collision detection,and the efficiency of access control evaluation.

Hua Wang,Jing Ying

DOI: https://doi.org/10.1109/icmlc.2007.4370543

2007-01-01

Abstract:A recent approach to monitor and adapt system behavior at runtime is to decouple one or more external modules and self-adaptive mechanism from the target system. An important challenge arises when more than one such self-adaptive module is employed: how can we ensure that they cooperate without conflicts in a coherent fashion? This paper describes our initial approach for harmonizing conflicting policies in the presence of multiple self-adaptive modules. The main distribution of the paper is to resolve conflicts using an extended ECA rule paradigm to coordinate self-adaptive actions among multiple external modules. The approach shares advantages with other policy languages, i.e., the declarative and domain-independent semantics of policy rules. However, a key benefit of our approach is that both conflicting actions and influence of actions are considered. We focus on the problem of harmonizing self-adaptation capability by detecting and further resolving policy conflicts using action-level meta rule and value-level meta rule. Finally, this paper illustrates the efficiency of the approach in a VOD system as a case study, and discusses our future plans.

Zai-lang HE,Jing-dong TIAN,Yu-Sen ZHANG

DOI: https://doi.org/10.3969/j.issn.1671-5896.2005.03.012

2005-01-01

Abstract:After the current state of policy conflict is overviewed, several limitations are pointed out, including that the detailed classification is not unique, the conflict detection is not perfect and complete, the judgment of events overlap is still a blank, the attention paid on solving application specific conflict is not enough. To settle these problems, policy conflict is reclassified, event overlap judgment arithmetic is supplied to detect modal conflict, property tag attachment method is put forward to detect application specific conflict, several measures of high owner level first and later load first are described to resolve policy conflict, and simulation for combined measure is made. These methods are necessary supplement for the known methods and effective to solve policy conflict, and it is shown in simulation results that the efficiency of combined measure is up by 10% to 27% compared with original methods in the same system circumstance.

Chisong Li,Hai Jin,Zhensong Liao

DOI: https://doi.org/10.3321/j.issn:1671-4512.2008.04.011

2008-01-01

Abstract:Policies inconsistency in automated trusted negotiation was studied. Conflict policies were classified into four types by feature: policy language conflicts, role exclusion ones, policy content ones and policy description ones. 0-1 table and the definition of classification were introduced to testify the consistency and validity of the access control policy. Policies are classed by access control feature and act as inputs of 0-1 table, the outputs of 0-1 table can disclose policy inconsistency and prove policy validity explicitly. While policy inconsistency problem is dealt with, the policy set for access control policy of minimum satisfaction is also given.

Liang Fang,Lihua Yin,Yunchuan Guo,Zhen Wang,Fenghua Li

DOI: https://doi.org/10.1109/milcom.2018.8599819

2018-01-01

Abstract:Millions of composite data, which are co-owned by multiple users, are uploaded to the network everyday. Different co-owners may set different control policies on a single resource. It leaves us a problem that due to the different privacy needs of the co-owners, their control policies may have conflicts. We need to find a suitable way to resolve the conflicts. Most current approaches are based on the game theory model. These methods assume that the co-owners are completely rational, and are willing to adjust the control policies manually without any incentives when conflict occurs. However, these assumptions cannot stand. Therefore, to deal with this problem, we propose a bargain based incentive method to resolve the policy conflict problem. We propose a novel pricing system to achieve the balance between privacy loss and sharing benefit. Besides, we introduce a Clark-tax-based punishment mechanism to make sure that no co-owners would act maliciously. Game analysis and user studies are performed to illustrate the effectiveness of our proposed scheme.

Kedian MU,Zhi JIN,Didar ZOWGHI

DOI: https://doi.org/10.1007/s11424-008-9136-4

2008-01-01

Abstract:Inconsistency of multi-perspective requirements specifications is a pervasive issue during the requirements process. However, managing inconsistency is not just a pure technical problem. It is always associated with a process of interactions and competitions among corresponding stakeholders. The main contribution of this paper is to present a negotiations approach to handling inconsistencies in multi-perspective software requirements. In particular, the priority of requirements relative to each perspective plays an important role in proceeding negotiation over resolving inconsistencies among different stakeholders. An algorithm of generating negotiation proposals and an approach to evaluating proposals are also presented in this paper, respectively.

Qinghua Zhang,Jia Chen,Deyun Gao,Xiajing Wang

DOI: https://doi.org/10.1109/iccc55456.2022.9880783

2022-01-01

Abstract:Policy-Based Network Management has become a significant management paradigm of current Wireless Networking and Multimedia. With the implement of Software Defined Networking (SDN), networking admins and operators can input the service intents into the northbound interface and then automatically generate the network policies by controller. The generated policies will be compiled into network configuration and ultimately sent to the data plane through the South interface to deliver the service. But the conflicts across policies from diverse parties are still mainly solved manually by networking managers, which is increasingly difficult to satisfy the requirement of the complexity and diversity of policies. In this paper, we proposed an intent based policy conflict detection and solution method, which can discover and handle the conflicts automatically and effectively. Firstly, we develop an intent conflict detection method that can determine whether the conflicts occur across the policies according to the service bandwidth demand and the capacity of the networking functions. Secondly, we convert the conflict solving problem into an optimization problem with the goal of maximizing the number of policies satisfied the intents of service initiators, and minimizing the bandwidth loss of the high priority users. We evaluate our system using a diverse set of bandwidth policies and network topologies. Our experiments demonstrate that our method can effectively solve the conflicts across the policies on the basis of ensuring QoS.

Jianfeng Lu,Ruixuan Li,Jinwei Hu,Dewu Xu

DOI: https://doi.org/10.1587/transcom.E95.B.1508

2012-01-01

IEICE Transactions on Communications

Abstract:Separation-of-Duty (SoD) is a fundamental security principle for prevention of fraud and errors in computer security. It has been studied extensively in traditional access control models. However, the research of SoD policy in the recently proposed usage control (UCON) model has not been well studied. This paper formulates and studies the fundamental problem of static enforcement of static SoD (SSoD) policies in the context of UCONA, a sub-model of UCON only considering authorizations. Firstly, we define a set-based specification of SSoD policies, and the safety checking problem for SSoD in UCONA. Secondly, we study the problem of determining whether an SSoD policy is enforceable. Thirdly, we show that it is intractable (coNP-complete) to direct statically enforce SSoD policies in UCONA, while checking whether a UCONA state satisfies a set of static mutually exclusive attribute (SMEA) constraints is efficient, which provides a justification for using SMEA constraints to enforce SSoD policies. Finally, we introduce a indirect static enforcement for SSoD policies in UCONA. We show how to generate the least restrictive SMEA constraints for enforcing SSoD policies in UCONA, by using the attribute-level SSoD requirement as an intermediate step. The results are fundamental to understanding SSoD policies in UCON.