READ -- A Resolution and Abduction Based Approach for Policy Comparison in Organizational Collaboration

Abstract

The policy compliance problem is one of the categories of inconsistency problems existing between access control policies. One of the ways to cope with it is called policy comparison. In this paper we develop and use our approach to perform policy comparison, i.e. when newly specified access control policies for the resources are provided to be compared with certain original policy, we are able to ensure that the noncompliance problem between these newly specified policies and the original policies on the resources will be found. In this paper we propose the READ (Resolution and Abduction based) algorithm to be an approach of finding policy noncompliance. Our approach is based on the resolution and abduction work for Data log rules, and the evaluation of compliance is performed through set implication by Satisfiability Modulo Theories (SMT) Z3 prover. We will illustrate the implementation of READ algorithm with two examples from existing work and one example based on role based access control model.