A formal graph based framework for supporting authorization delegations and conflict resolutions

Chun Ruan, Vijay Varadharajan

    Research output: Contribution to journal (Article)

    Abstract

    Authorization delegations and negations are two important features of a flexible access control model. When a system allows both authorization delegation and negation, conflict problems can become crucial since multiple administrators greatly increase the chance of conflicts. However, the problem of handling conflicts in authorization delegations has not been explored by researchers. The existing conflict resolution methods seem limited for certain applications, and cyclic authorizations can even lead to undesirable situations. This paper presents an authorization framework that can support authorization delegation for both positive and negative authorizations. A conflict resolution method based on the underlying grant-connectivity relation is proposed, which gives higher priorities to the predecessors to achieve controlled delegation. For conflicts where grantors are not grant-connected, our model supports multiple resolution policies so that users can select the specific one that best suits their requirements. In addition, cyclic authorizations are avoided and cascade overriding is supported when an administrative privilege is overridden. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labeled digraphs that provide a formal basis for proving the semantic correctness of our model.
    Original language: English
    Number of pages: 12
    Journal: International Journal of Information Security
    Publication status: Published - 2003

    Keywords

    • access control
    • computer networks
    • computers
    • conflict management
    • problem solving
    • security measures
