Resolving conflicts in authorization delegations

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

17 Citations (Scopus)

Abstract

In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorization model to deal with the conflict resolution problem with delegation. In our model, conflicts are classified into comparable and incomparable ones. With comparable conflicts, the conflicts come from the grantors that have grant connectivity relationship with each other, and the predecessor’s authorizations will always take precedence over the successor’s. In this way, the access rights can be delegated but the delegation can still be controlled. With incomparable conflicts, the conflicts come from the grantors that do not have grant connectivity relationship with each other. Multiple resolution policies are provided so that users can select the specific one that best suits their requirements. In addition, the overridden authorizations are still preserved in the system and they can be reactivated when other related authorizations are revoked or the policy for resolving conflicts is changed. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labelled digraphs, which provides a formal basis for proving the semantic correctness of our model.

Original languageEnglish
Title of host publicationInformation Security and Privacy - 7th Australasian Conference, ACISP 2002, Proceedings
EditorsLynn Batten, Jennifer Seberry
Place of PublicationNew York; London
PublisherSpringer, Springer Nature
Pages271-285
Number of pages15
Volume2384
ISBN (Print)3540438610, 9783540438618
Publication statusPublished - 2002
Externally publishedYes
Event7th Australasian Conference on Information Security and Privacy, ACISP 2002 - Melbourne, Australia
Duration: 3 Jul 20025 Jul 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2384
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other7th Australasian Conference on Information Security and Privacy, ACISP 2002
Country/TerritoryAustralia
CityMelbourne
Period3/07/025/07/02

Fingerprint

Dive into the research topics of 'Resolving conflicts in authorization delegations'. Together they form a unique fingerprint.

Cite this