Efficiently Characterizing the Undefined Requests of a Rule-Based System

Abstract: Rule-based systems are used to define complex policies in several contexts, because of the flexibility and modularity they provide. This is especially critical for security systems, which may require to compose evolving policies for privacy, accountability, access control, etc. The inclusion of conflicting rules in complex policies, results in the inability of the system to unambiguously answer to certain requests, with possibly unpredictable effects. The static identification of these undefined requests is pa… Show more

“…And ( Nurse (T , X ) , Not ( Doctor (T , X )) , Patient (T , X ) , Not ( PrimaryDoctor (T , X ))) = > And ( Patie ntWithTP C (T , X ) , Employee (T , X )) ... another 9 not unsafe exclusive rules Applying the method given in [2] on the example shown in Listing 1.1, a total of 4 unsafe and 10 not unsafe exclusive rules are generated. Listing 1.2 shows a snippet of these rules.…”

“…Analyzing inconsistent and conflicting situations in security policies is an important area of research and many proposals exist. Several approaches are focused on detecting specific kinds of problems [7,9,11,10,2], while others are interested in fixing these problems [8,5,14,6,12]. We consider inconsistencies, or conflicts, or undefined requests, called problems here, as they lead to bugs or security leaks.…”

“…Our purpose in this paper is to suggest a new method in order to assist specifiers in fixing discovered problems in their policies. To make the conflicts explicit, we reuse a general and logical method defined in [2]. This method, in addition to revealing the problems, provides some information which can be exploited to cure those problems.…”

“…We first provide a naive approach to remove the problem but its time complexity becomes exponential if we try to minimize the size of the modifications. Exploiting the enumerative method of [2] we are able to provide an optimized version of this process.…”

“…A request is called undefined request, if it is satisfiable by itself, but unsatisfiable when in conjunction with R. The phenomenon caused by an undefined request is that when it is evaluated, R would give contradictory/unsatisfiable replies, therefore making the system unrealizable. We previously propose in [2] an optimized method to enumerate and classify all undefined requests in a rule system. The method translates the original rule system into an equivalent system made of exclusive rules.…”

Removing Problems in Rule-Based Policies

“…And ( Nurse (T , X ) , Not ( Doctor (T , X )) , Patient (T , X ) , Not ( PrimaryDoctor (T , X ))) = > And ( Patie ntWithTP C (T , X ) , Employee (T , X )) ... another 9 not unsafe exclusive rules Applying the method given in [2] on the example shown in Listing 1.1, a total of 4 unsafe and 10 not unsafe exclusive rules are generated. Listing 1.2 shows a snippet of these rules.…”

“…Analyzing inconsistent and conflicting situations in security policies is an important area of research and many proposals exist. Several approaches are focused on detecting specific kinds of problems [7,9,11,10,2], while others are interested in fixing these problems [8,5,14,6,12]. We consider inconsistencies, or conflicts, or undefined requests, called problems here, as they lead to bugs or security leaks.…”

“…Our purpose in this paper is to suggest a new method in order to assist specifiers in fixing discovered problems in their policies. To make the conflicts explicit, we reuse a general and logical method defined in [2]. This method, in addition to revealing the problems, provides some information which can be exploited to cure those problems.…”

“…We first provide a naive approach to remove the problem but its time complexity becomes exponential if we try to minimize the size of the modifications. Exploiting the enumerative method of [2] we are able to provide an optimized version of this process.…”

“…A request is called undefined request, if it is satisfiable by itself, but unsatisfiable when in conjunction with R. The phenomenon caused by an undefined request is that when it is evaluated, R would give contradictory/unsatisfiable replies, therefore making the system unrealizable. We previously propose in [2] an optimized method to enumerate and classify all undefined requests in a rule system. The method translates the original rule system into an equivalent system made of exclusive rules.…”

Removing Problems in Rule-Based Policies

Inference Rules for Determined Decisions in Policy-Based ABAC Enforcement Systems