Proactive identification and prevention of unexpected future rule conflicts in attribute based access control

Daren Zha, Jiwu Jing, Peng Liu, Jingqiang Lin, Xiaoqi Jia

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Attribute based access control (ABAC) provides an intuitive way for security administrators to express conditions (associated with status of objects) in access control policies; however, during the design and development of an ABAC system, new problems concerning the consistency and security of the ABAC system may emerge. In this paper, we report on two specific ABAC problems denoted as the "future rule conflicts" problem and the "object overlapping" problem, which we have recently identified in developing the ABAC system for a large research laboratory. We use real world examples to illustrate the negative impact of these two problems and present two novel algorithms for the identification and prevention of these problems. We give the correctness proof for both algorithm and apply these algorithms to the attribute based laboratory control (ABLC) system and the results are also reported.

Original languageEnglish (US)
Title of host publicationComputational Science and Its Applications - ICCSA 2010 - International Conference, Proceedings
PublisherSpringer Verlag
Pages468-481
Number of pages14
EditionPART 4
ISBN (Print)3642121888, 9783642121883
DOIs
StatePublished - 2010
Event2010 International Conference on Computational Science and Its Applications, ICCSA 2010 - Fukuoka, Japan
Duration: Mar 23 2010Mar 26 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 4
Volume6019 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2010 International Conference on Computational Science and Its Applications, ICCSA 2010
Country/TerritoryJapan
CityFukuoka
Period3/23/103/26/10

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Proactive identification and prevention of unexpected future rule conflicts in attribute based access control'. Together they form a unique fingerprint.

Cite this