Conflict handling strategies for partially ordered access control security policies

In access control security models, the users of an organization’s information system may be granted with conflicting privileges. This is usually the case when the underlying security policy implements both permission and prohibition rules. In this paper, we propose to capture uncertainty in security models, within the framework of possibility theory. We define efficient strategies for handling conflicting privileges derived by a security policy, based on priorities assigned to the permissions and prohibitions. We show that these strategies are in line with the possibilistic management of inconsistency in security policies.

In 2024 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM)