TY - GEN
T1 - Proactive identification and prevention of unexpected future rule conflicts in attribute based access control
AU - Zha, Daren
AU - Jing, Jiwu
AU - Liu, Peng
AU - Lin, Jingqiang
AU - Jia, Xiaoqi
N1 - Funding Information:
This work is supported by 863 Foundation No.2006AA01Z454, and NSF No.70890084/G021102.
PY - 2010
Y1 - 2010
N2 - Attribute based access control (ABAC) provides an intuitive way for security administrators to express conditions (associated with status of objects) in access control policies; however, during the design and development of an ABAC system, new problems concerning the consistency and security of the ABAC system may emerge. In this paper, we report on two specific ABAC problems denoted as the "future rule conflicts" problem and the "object overlapping" problem, which we have recently identified in developing the ABAC system for a large research laboratory. We use real world examples to illustrate the negative impact of these two problems and present two novel algorithms for the identification and prevention of these problems. We give the correctness proof for both algorithms, apply these algorithms to the attribute based laboratory control (ABLC) system, and report the results.
UR - http://www.scopus.com/inward/record.url?scp=77952313354&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77952313354&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-12189-0_41
DO - 10.1007/978-3-642-12189-0_41
M3 - Conference contribution
AN - SCOPUS:77952313354
SN - 3642121888
SN - 9783642121883
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 468
EP - 481
BT - Computational Science and Its Applications - ICCSA 2010 - International Conference, Proceedings
PB - Springer Verlag
T2 - 2010 International Conference on Computational Science and Its Applications, ICCSA 2010
Y2 - 23 March 2010 through 26 March 2010
ER -