The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

An Optimal Conflict Resolution Strategy for Event-Driven Role Based Access Control Policies

Download

Download PDF Document
PDF

Author

Basit Shaiq, Elisa Bertino, and Arif Ghafoor

Tech report number

CERIAS TR 2005-08

Entry type

techreport

Abstract

Role based access control (RBAC) has generated great interest in the security community for its inherent richness and flexibility in modeling a wide range of access control policies. Any comprehensive access control model such as RBAC requires verification tools to support consistency analysis and identify possible policy conflicts. These conflicts, if remain undetected and unresolved, expose the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a verification framework for detection and resolution of inconsistencies and conflicts in event-driven RBAC policies. The framework uses an integer programming based approach for optimal resolution of policy conflicts. The proposed approach is generic and can be tuned to a variety of optimality measures.

Download

PDF

Institution

CERIAS

Key alpha

shafiq

Publication Date

1900-01-01

Contents

Event-driven RBAC Policy verification Conflict resolution

Subject

Resolution of conflicts in event-driven RBAC policies

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.