Abstract
Policy inconsistencies may arise between safety and utility policies due to their opposite objectives. In this work we provide a formal examination of policy inconsistencies resolution for the coexistence of static separation-of-duty (SSoD) policies and strict availability (SA) policies. Firstly, we reduce the complexity of reasoning about policy inconsistencies by static pruning technique and minimal inconsistency cover set. Secondly, we present a systematic methodology for measuring safety loss and utility loss, and evaluate the safety-utility tradeoff for each choice. Thirdly, we present two prioritized-based resolutions to deal with policy inconsistencies based on safety-utility tradeoff. Finally, experiments show the effectiveness and efficiency of our approach.
Highlights
The safety and utility policies are very important in an access control system for ensuring security and availability when performing a certain task
We introduce the notion of strict availability (SA) policies, which is an example of utility policy that requires that the cooperation among at most a certain number of users is necessary to perform a task
We present a systematic methodology for measuring safety loss and utility loss, and evaluate the safety-utility tradeoff for each candidate resolution
Summary
The safety and utility policies are very important in an access control system for ensuring security and availability when performing a certain task. UCP (the Utility Checking Problem) is defined as follows: Given an access control state ε and a set F of SA policies, determining whether satF(ε) is true. An access control state can satisfy any SSoD policy if the state does not contain any user set that covers all the permissions needed to accomplish the sensitive task. CCP (the Consistency Checking Problem) is defined as follows: Given a set E of SSoD policies and a set F of SA policies, determining that whether there exists an access control state ε that satE(ε) ⋀ satF(ε) is true. Let us consider the following policy sets from Example 3 that can be removed to resolve the policy inconsistency. S1 and S2 are two ideal choices to resolve the policy inconsistency
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have