Research On Policy Conflict Detection And Resolution Based On Matrix

Access control policy is the basis for access control management,however,as data system becomes more complex,there are more and more policies.Because of negligence of administrator and different requirements in system,these policies will conflict when executed.These conflicts may cause system access control to fail and can not protect the date securely.If the conflicts are eliminated only by administrators,the workload is huge and the the efficiency is extremely low.This paper presents a scheme which detects and solves the access control policy conflict based the matrix.The scheme solves the problems of self-type formal conflict and inter formal conflict.The main research work of this thesis is as follows:(1)Based on the analysis of formal description on access control policy,a scheme that describes the self-type formal conflict policy and inter formal conflict is proposed.The simple policy set is transformed into linear form by linear transformation,then transformed into transformation matrix.The separation of static principle and availability principle are used to describing two types of policies.(2)In order to detect the self-type formal conflict and inter formal conflict,a detection method is proposed based on formal description.In the method,the logic of simple policy set,the relationship of linear policy,the characteristic row and columns in the transformation matrix are judged to detecting the self-type formal conflict,and detecting the inter formal conflict is based on separation of static principle and availability principle.(3)In order to solve the conflict,the solution method based on transformation matrix and priority is proposed.The relationship of row and column in the transformation matrix is judged based on the logic between the column vectors for solving self-type formal conflict.To solving the inter formal conflict,the priorities of policy are calculated by conflict area and self frequency,then the policy set has consistency by editing in the queue of policy priority.At last,the detection and solution is tested.The efficiency of detection algorithm is higher 13% and 16% than recursive algorithm and decision-tree algorithm.The solution algorithm is less 28% loss of policy than directly removing algorithm.