Resolving constraint conflicts

Trent Ray Jaeger, Reiner Sailer, Xiaolan Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

23 Citations (Scopus)

Abstract

In this paper, we define constraint conflicts and examine properties that may aid in guiding their resolution. A constraint conflict is an inconsistency between the access control policy and the constraints specified to limit that policy. For example, a policy that permits a high integrity subject to access low integrity data is in conflict with a Biba integrity constraint. Constraint conflicts differ from typical policy conflicts in that constraints are never supposed to be violated. That is, a conflict with a constraint results in a policy compilation error, whereas policy conflicts are resolved at runtime. As we have found in the past, when constraint conflicts occur in a specification a variety of resolutions are both possible and practical. In this paper, we detail some key formal properties of constraint conflicts and show how these are useful in guiding conflict resolution. We use the SELinux example policy for Linux 2.4.19 as the source of our constraint conflicts and resolution examples. The formal properties are used to guide the selection of resolutions and provide a basis for a resolution language that we apply to resolve conflicts in the SELinux example policy.

Original languageEnglish (US)
Title of host publicationProceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004
Pages105-114
Number of pages10
Volume9
StatePublished - 2004
EventProceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004 - Yorktown Heights, NY, United States
Duration: Jun 2 2004Jun 4 2004

Other

OtherProceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004
CountryUnited States
CityYorktown Heights, NY
Period6/2/046/4/04

Fingerprint

Access control
Specifications
Linux

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Cite this

Jaeger, T. R., Sailer, R., & Zhang, X. (2004). Resolving constraint conflicts. In Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004 (Vol. 9, pp. 105-114)
Jaeger, Trent Ray ; Sailer, Reiner ; Zhang, Xiaolan. / Resolving constraint conflicts. Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004. Vol. 9 2004. pp. 105-114
@inproceedings{6c54db9ed3c1401ba39ebc5917bc37f7,
title = "Resolving constraint conflicts",
abstract = "In this paper, we define constraint conflicts and examine properties that may aid in guiding their resolution. A constraint conflict is an inconsistency between the access control policy and the constraints specified to limit that policy. For example, a policy that permits a high integrity subject to access low integrity data is in conflict with a Biba integrity constraint. Constraint conflicts differ from typical policy conflicts in that constraints are never supposed to be violated. That is, a conflict with a constraint results in a policy compilation error, whereas policy conflicts are resolved at runtime. As we have found in the past, when constraint conflicts occur in a specification a variety of resolutions are both possible and practical. In this paper, we detail some key formal properties of constraint conflicts and show how these are useful in guiding conflict resolution. We use the SELinux example policy for Linux 2.4.19 as the source of our constraint conflicts and resolution examples. The formal properties are used to guide the selection of resolutions and provide a basis for a resolution language that we apply to resolve conflicts in the SELinux example policy.",
author = "Jaeger, {Trent Ray} and Reiner Sailer and Xiaolan Zhang",
year = "2004",
language = "English (US)",
volume = "9",
pages = "105--114",
booktitle = "Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004",

}

Jaeger, TR, Sailer, R & Zhang, X 2004, Resolving constraint conflicts. in Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004. vol. 9, pp. 105-114, Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004, Yorktown Heights, NY, United States, 6/2/04.

Resolving constraint conflicts. / Jaeger, Trent Ray; Sailer, Reiner; Zhang, Xiaolan.

Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004. Vol. 9 2004. p. 105-114.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Resolving constraint conflicts

AU - Jaeger, Trent Ray

AU - Sailer, Reiner

AU - Zhang, Xiaolan

PY - 2004

Y1 - 2004

N2 - In this paper, we define constraint conflicts and examine properties that may aid in guiding their resolution. A constraint conflict is an inconsistency between the access control policy and the constraints specified to limit that policy. For example, a policy that permits a high integrity subject to access low integrity data is in conflict with a Biba integrity constraint. Constraint conflicts differ from typical policy conflicts in that constraints are never supposed to be violated. That is, a conflict with a constraint results in a policy compilation error, whereas policy conflicts are resolved at runtime. As we have found in the past, when constraint conflicts occur in a specification a variety of resolutions are both possible and practical. In this paper, we detail some key formal properties of constraint conflicts and show how these are useful in guiding conflict resolution. We use the SELinux example policy for Linux 2.4.19 as the source of our constraint conflicts and resolution examples. The formal properties are used to guide the selection of resolutions and provide a basis for a resolution language that we apply to resolve conflicts in the SELinux example policy.

AB - In this paper, we define constraint conflicts and examine properties that may aid in guiding their resolution. A constraint conflict is an inconsistency between the access control policy and the constraints specified to limit that policy. For example, a policy that permits a high integrity subject to access low integrity data is in conflict with a Biba integrity constraint. Constraint conflicts differ from typical policy conflicts in that constraints are never supposed to be violated. That is, a conflict with a constraint results in a policy compilation error, whereas policy conflicts are resolved at runtime. As we have found in the past, when constraint conflicts occur in a specification a variety of resolutions are both possible and practical. In this paper, we detail some key formal properties of constraint conflicts and show how these are useful in guiding conflict resolution. We use the SELinux example policy for Linux 2.4.19 as the source of our constraint conflicts and resolution examples. The formal properties are used to guide the selection of resolutions and provide a basis for a resolution language that we apply to resolve conflicts in the SELinux example policy.

UR - http://www.scopus.com/inward/record.url?scp=4143132099&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4143132099&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:4143132099

VL - 9

SP - 105

EP - 114

BT - Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004

ER -

Jaeger TR, Sailer R, Zhang X. Resolving constraint conflicts. In Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004. Vol. 9. 2004. p. 105-114