智能与分布计算实验室

Consistency Checking of Safety and Availability in Access Control

出版社:
  • 出版社:
  • 页数::491-502
  • 出版年:2010
摘要内容:

The safety and availability policies are very important inan access control system for ensuring security and success when perform-ing a certain task. However, con?icts may arise between safety and avail-ability policies due to their opposite focuses. In this paper, we address theproblem of consistency checking for safety and availability policies, es-pecially for the co-existence of static separation-of-duty (SSoD) policieswith availability policies, which determines whether there exists an accesscontrol state that satis?es all of these policies. We present criteria for de-termining consistency with a number of special cases, and show that thegeneral case and partial subcases of the problem are intractable (NP-hard)and in the Polynomial Hierarchy NPNP. We design an algorithm to e?-ciently solve the nontrivial size instances for the intractable cases of theproblem. The running example shows the validity of the proposed algo-rithm. The investigation will help the security o?cer to specify reasonableaccess control policies when both safety and availability policies coexist.

关键词:
  • Access control;availability;consistency checking;safety;separation-of-duty

出版社:
  • 出版社:

  • 页数::491-502

  • 出版年:2010

摘要内容:

The safety and availability policies are very important in an access control system for ensuring security and success when perform- ing a certain task. However, con?icts may arise between safety and avail- ability policies due to their opposite focuses. In this paper, we address the problem of consistency checking for safety and availability policies, es- pecially for the co-existence of static separation-of-duty (SSoD) policies with availability policies, which determines whether there exists an access control state that satis?es all of these policies. We present criteria for de- termining consistency with a number of special cases, and show that the general case and partial subcases of the problem are intractable (NP-hard) and in the Polynomial Hierarchy NPNP. We design an algorithm to e?- ciently solve the nontrivial size instances for the intractable cases of the problem. The running example shows the validity of the proposed algo- rithm. The investigation will help the security o?cer to specify reasonable access control policies when both safety and availability policies coexist.

关键词:
  • Access control;availability;consistency checking;safety;separation-of-duty