Consistency Checking of Safety and Availability in Access Control

Ruixuan LI  Jianfeng LU  Zhengding LU  Xiaopu MA  

IEICE TRANSACTIONS on Information and Systems   Vol.E93-D   No.3   pp.491-502
Publication Date: 2010/03/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.491
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Trust, Security and Privacy for Pervasive Applications)
access control,  availability,  consistency checking,  safety,  separation-of-duty,  

Full Text: PDF>>
Buy this Article

The safety and availability policies are very important in an access control system for ensuring security and success when performing a certain task. However, conflicts may arise between safety and availability policies due to their opposite focuses. In this paper, we address the problem of consistency checking for safety and availability policies, especially for the co-existence of static separation-of-duty (SSoD) policies with availability policies, which determines whether there exists an access control state that satisfies all of these policies. We present criteria for determining consistency with a number of special cases, and show that the general case and partial subcases of the problem are intractable (NP-hard) and in the Polynomial Hierarchy NPNP. We design an algorithm to efficiently solve the nontrivial size instances for the intractable cases of the problem. The running example shows the validity of the proposed algorithm. The investigation will help the security officer to specify reasonable access control policies when both safety and availability policies coexist.