Expression Tree-based Policy Conflict Detection Algorithm

2021 International Conference on Networking and Network Applications (NaNA) Pub Date : 2021-10-01 DOI:10.1109/NaNA53684.2021.00069

Xue Wang, Hao Zhang, Kaijun Wu

{"title":"Expression Tree-based Policy Conflict Detection Algorithm","authors":"Xue Wang, Hao Zhang, Kaijun Wu","doi":"10.1109/NaNA53684.2021.00069","DOIUrl":null,"url":null,"abstract":"In attribute-based access control services, there are problems such as cumbersome policy control, prone to authorization conflicts, and conflicts caused by complex attribute structures are not easy to identify. Due to the difficulty of the conflict detection problem, most of the detection methods have strict requirements for policy structure. Normally, the priority strategy are chosen uniformly when using the directed acyclic graph approach to disambiguate conflict rule pairs. The present methods are not thorough, flexible and user-friendly for the policy design in practical applications. To address these problems, an access control policy conflict detection algorithm based on intersection of target expression trees under the XACML (eXtensible Access Control Markup Language) specification is proposed. The method efficiently locates the conflict rule pairs based on the index structure through policy tree and rule effects, determines the conflict by expression comparison n, and marks the possible causes of the conflict, provides analysis of the disambiguation scheme, and achieves access control with fine granularity.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"74 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00069","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

In attribute-based access control services, there are problems such as cumbersome policy control, prone to authorization conflicts, and conflicts caused by complex attribute structures are not easy to identify. Due to the difficulty of the conflict detection problem, most of the detection methods have strict requirements for policy structure. Normally, the priority strategy are chosen uniformly when using the directed acyclic graph approach to disambiguate conflict rule pairs. The present methods are not thorough, flexible and user-friendly for the policy design in practical applications. To address these problems, an access control policy conflict detection algorithm based on intersection of target expression trees under the XACML (eXtensible Access Control Markup Language) specification is proposed. The method efficiently locates the conflict rule pairs based on the index structure through policy tree and rule effects, determines the conflict by expression comparison n, and marks the possible causes of the conflict, provides analysis of the disambiguation scheme, and achieves access control with fine granularity.

查看原文本刊更多论文

基于表达式树的策略冲突检测算法

在基于属性的访问控制服务中，存在策略控制繁琐、容易发生授权冲突、属性结构复杂导致的冲突不易识别等问题。由于冲突检测问题的难度，大多数检测方法对策略结构都有严格的要求。通常使用有向无环图方法对冲突规则对进行消歧时，优先级策略是统一选择的。目前的方法对于实际应用中的政策设计不够彻底、灵活和人性化。针对这些问题，提出了一种基于XACML (eXtensible access control Markup Language，可扩展访问控制标记语言)规范下目标表达式树交集的访问控制策略冲突检测算法。该方法通过策略树和规则效果有效地定位基于索引结构的冲突规则对，通过表达式比较n确定冲突，并标记冲突的可能原因，提供消歧方案分析，实现细粒度访问控制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 International Conference on Networking and Network Applications (NaNA)

自引率

0.00%

发文量