Resolving Policy Conflicts - Integrating Policies from Multiple Authors

Fatema, Kaniz; Chadwick, David

doi:10.1007/978-3-319-07869-4_29

Cited by 11 publications

(1 citation statement)

References 12 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other hand, the XACML assumes that all the rules can be trusted, so a request might be responded to repeatedly [10]. In the authorization access control model, if the policy loaded on the PDP contains lots of redundancies related to policy/rule combining algorithms, it not only consumes and wastes lots of system resources, but also greatly increases the time the PDP spends in evaluating access requests.…”

Section: Introductionmentioning

confidence: 99%

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Fan

Zhang

Zhou

et al. 2016

Mathematical Problems in Engineering

View full text Add to dashboard Cite

If there are lots of redundancies in the policies loaded on the policy decision point (PDP) in the authorization access control model, the system will occupy more resources in operation and consumes plenty of evaluation time and storage space. In order to detect and eliminate policy redundancies and then improve evaluation performance of the PDP, a redundancy related to combining algorithms detecting and eliminating engine is proposed in this paper. This engine cannot only detect and eliminate the redundancy related to combining algorithms, but also evaluate access requests. A Resource Brick Wall is constructed by the engine according to the resource attribute of a policy's target attributes. By the Resource Brick Wall and the policy/rule combining algorithms, three theorems for detecting redundancies related to combining algorithms are proposed. A comparison of the evaluation performance of the redundancy related to combining algorithms detecting and eliminating engine with that of Sun PDP is made. Experimental results show that the evaluation performance of the PDP can be prominently improved by eliminating the redundancy related to combining algorithms.

show abstract

Section: Introductionmentioning

confidence: 99%

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Fan

Zhang

Zhou

et al. 2016

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

AAL and Static Conflict Detection in Policy

Royer¹,

Oliveira²

2016

Cryptology and Network Security

View full text Add to dashboard Cite

International audienceSecurity and privacy requirements in ubiquitous systems need a sophisticated policy language with features to express access restrictions and obligations. Ubiquitous systems involve multiple actors owning sensitive data concerning aspects such as location, discrete and continuous time, multiple roles that can be shared among actors or evolve over time. Policy consistency is an important problem in languages supporting these aspects. In this paper we present an abstract language (AAL) to specify most of these security and privacy features and compare it with XACML. We also classified the existing conflict detection mechanisms for XACML in dynamic, testing, or static detection. A thorough analysis of these mechanisms reveals that they have several weaknesses and they are not applicable in our context. We advocate for a classic approach using the notion of logical consistency to detect conflicts in AAL

show abstract

Elimination of policy conflict to improve the PDP evaluation performance

Fan

Zhang

2017

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Resolving Policy Conflicts - Integrating Policies from Multiple Authors

Cited by 11 publications

References 12 publications

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

AAL and Static Conflict Detection in Policy

Elimination of policy conflict to improve the PDP evaluation performance

Contact Info

Product

Resources

About