Proactive identification and prevention of unexpected future rule conflicts in attribute based access control

Daren Zha, Jiwu Jing, Peng Liu, Jingqiang Lin, Xiaoqi Jia

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Attribute based access control (ABAC) provides an intuitive way for security administrators to express conditions (associated with status of objects) in access control policies; however, during the design and development of an ABAC system, new problems concerning the consistency and security of the ABAC system may emerge. In this paper, we report on two specific ABAC problems denoted as the "future rule conflicts" problem and the "object overlapping" problem, which we have recently identified in developing the ABAC system for a large research laboratory. We use real world examples to illustrate the negative impact of these two problems and present two novel algorithms for the identification and prevention of these problems. We give the correctness proof for both algorithm and apply these algorithms to the attribute based laboratory control (ABLC) system and the results are also reported.

Original languageEnglish (US)
Title of host publicationComputational Science and Its Applications - ICCSA 2010 - International Conference, Proceedings
Pages468-481
Number of pages14
EditionPART 4
DOIs
StatePublished - May 20 2010
Event2010 International Conference on Computational Science and Its Applications, ICCSA 2010 - Fukuoka, Japan
Duration: Mar 23 2010Mar 26 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 4
Volume6019 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2010 International Conference on Computational Science and Its Applications, ICCSA 2010
CountryJapan
CityFukuoka
Period3/23/103/26/10

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Zha, D., Jing, J., Liu, P., Lin, J., & Jia, X. (2010). Proactive identification and prevention of unexpected future rule conflicts in attribute based access control. In Computational Science and Its Applications - ICCSA 2010 - International Conference, Proceedings (PART 4 ed., pp. 468-481). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6019 LNCS, No. PART 4). https://doi.org/10.1007/978-3-642-12189-0-41