For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Consistency Checking of Safety and Availability in Access Control
Ruixuan LI Jianfeng LU Zhengding LU Xiaopu MA
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2010/03/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Trust, Security and Privacy for Pervasive Applications)
access control, availability, consistency checking, safety, separation-of-duty,
Full Text: PDF>>
The safety and availability policies are very important in an access control system for ensuring security and success when performing a certain task. However, conflicts may arise between safety and availability policies due to their opposite focuses. In this paper, we address the problem of consistency checking for safety and availability policies, especially for the co-existence of static separation-of-duty (SSoD) policies with availability policies, which determines whether there exists an access control state that satisfies all of these policies. We present criteria for determining consistency with a number of special cases, and show that the general case and partial subcases of the problem are intractable (NP-hard) and in the Polynomial Hierarchy NPNP. We design an algorithm to efficiently solve the nontrivial size instances for the intractable cases of the problem. The running example shows the validity of the proposed algorithm. The investigation will help the security officer to specify reasonable access control policies when both safety and availability policies coexist.