An Effective Modality Conflict Model for Identifying Applicable Policies During Policy Evaluation
Publish Year: 1397
نوع سند: مقاله ژورنالی
زبان: English
View: 265
This Paper With 12 Page And PDF Format Ready To Download
- Certificate
- من نویسنده این مقاله هستم
استخراج به نرم افزارهای پژوهشی:
شناسه ملی سند علمی:
JR_JACET-4-4_006
تاریخ نمایه سازی: 18 تیر 1398
Abstract:
Policy evaluation is a process to determine whether a request submitted by a user satisfies the access control policies defined by an organization. Modality conflict is one of the main issues in policy evaluation. Existing modality conflict detection approaches do not consider complex condition attributes such as spatial and temporal constraints. An effective authorization propagation rule is needed to detect the modality conflicts that occur among the applicable policies. This work proposes a modality conflict detection model to identify the applicable policies during policy evaluation, which supports an authorization propagation rule to investigate the class-subclass relationships of a subject, resource, action, and location of a request and a policy. The comparison with previous work is conducted, and findings show the solution which considers the condition attribute (i.e. spatial and temporal constraints) can affect the decision as to whether the applicable policies should be retrieved or not which further affect the accuracy of the modality conflict detection process. Whereas the applicable policies which are retrieved for a request can influence the detection of modality conflict among the applicable policies. In conclusion, our proposed solution is more effective in identifying the applicable policies and detecting modality conflict than the previous work.
Keywords:
Authors
Hamidah Ibrahim
Department of Computer Science Faculty of Computer Science and Information Technology
Fatimah Sidi
Department of Computer Science Faculty of Computer Science and Information Technology
Nur Izura Udzir
Department of Computer Science Faculty of Computer Science and Information Technology
Poh Kuang Teo
Department of Computer Science Faculty of Computer Science and Information Technology