A conflict-related rules detection tool for access control policy

Abstract

Conflict detection is an important issue of the Access Control Policy. Most conflict detection tools mainly focus on the two rules that have contrary actions, but there are also other rules which are necessary to the conflict situation, which is not considered in these tools. This paper defines all these rules related to the conflict situation as the concept "conflict-related rules", and gives a conflict-related rules detection tool for Access Control Policy which can report the conflict situation more comprehensively. By giving the semantics model of the access control policy and the definition of conflict, we prove the necessary and sufficient condition of conflict, and then give the concept of "conflict-related rules" and deduce its extension. We implement conflict-related rules detection tool based on the description logic, and the experiment results validate the tool's correctness and effectiveness. The results of the correctness experiment showed that instead of detecting the two rules with opposite actions only, it detected all the conflict-related rules for access control policy; the results of the effectiveness experiment showed that our tool's response performance is better than VPN based tools. © Springer-Verlag Berlin Heidelberg 2013.