The open archive for STFC research publications

Full Record Details

Persistent URL http://purl.org/net/epubs/work/49763
Record Status Checked
Record Id 49763
Title Efficiently detect conflicts between attribute-based access control policy rules with rule reduction and binary-search techniques
Abstract Attribute-based access control(ABAC) policies are effective and flexible in governing the access to information and resources in open computing environments. However, ABAC policy rules are often complex making them prone to conflicts. The complexity of dealing with ABAC rules arises from using multiple attributes to describe subjects and objects. This paper proposes an optimized method to detect the conflicts between statistically conflicting rules in an ABAC policy. This method includes two optimization techniques: rule reduction and binary-search. The first technique reduces the rules into a set of compact, semantically equivalent rules through removing redundant information among the rules. The binary-search technique is then applied to discover the conflicts among them. We also detail the algorithms used by these techniques to achieve the optimized performance. The time complexity for the proposed method is O(nlgn), where n is the number of rules in a policy. This is achieved at a cost of less than two times runtime space increase. The experimental studies have shown that a) our method can detect statically-conflicting rules in near linear time cost proportional to the number of rules; and b) achieve good scalability, as shown, by efficiently detecting the conflicts in an ABAC policy containing over 20,000 rules.
Organisation ESC , ESC-IM , STFC
Keywords Policy Analysis , Attribute-Based Access Control , Engineering , Policy Conflicts
Funding Information
Related Research Object(s):
Licence Information:
Language English (EN)
Type Details URI(s) Local file(s) Year
Report XtreemOS Report. 2009. abac_conflicts.pdf 2009