Inconsistency detection method for access control policies

Riaz Ahmed Shaikh, Kamel Adi, Luigi Logrippo, Serge Mankovski

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Citations (Scopus)

Abstract

In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.

Original languageEnglish
Title of host publication2010 6th International Conference on Information Assurance and Security, IAS 2010
Pages204-209
Number of pages6
DOIs
Publication statusPublished - 2010
Event2010 6th International Conference on Information Assurance and Security, IAS 2010 - Atlanta, GA, United States
Duration: 23 Aug 201025 Aug 2010

Publication series

Name2010 6th International Conference on Information Assurance and Security, IAS 2010

Conference

Conference2010 6th International Conference on Information Assurance and Security, IAS 2010
Country/TerritoryUnited States
CityAtlanta, GA
Period23/08/1025/08/10

Keywords

  • Access control
  • Data classification
  • Decision tree
  • Inconsistency
  • Policy validation

Cite this