Abstract
Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Cuppens F, Cuppens-Boulahia N, Ghorbel B M. High Level Conflict Management Strategies in Advanced Access Control Models[J]. Electronic Notes in Theoretical Computer Science, 2007, 186: 3–26.
Benferhat S, Baida R E I, Cuppens F. A Stratification-Based Approach for Handling Conflicts in Access Control[C]//Proc of 8th ACM Symposium on Access Control Models and Technologies (SACMAT’03). New York: ACM Press, 2003: 189–195.
Cuppens F, Cholvy L, Saurel C, et al. Merging Regulations: Analysis of a Practical Example[J]. International Journal of Intelligent Systems, 2001, 16(11): 1223–1243.
Chomicki J, Lobo J, Naqvi S. A Logical Programming Approach to Conflict Resolution in Policy Management [EB/OL].[2007-11-17].http://citeseer.ist.psu.edu./chomicki00logic.html.
Jajodia S, Samarati P, Sapino M, et al. Flexible Support for Multiple Access Control Policies[J]. ACM Transactions on Database Systems, 2001, 26(2): 214–260.
Bertino E, Catania B, Ferrari E, et al. A Logical Framework for Reasoning about Access Control Models[J]. ACM Transactions on Information and System Security, 2003, 6(1): 71–127.
Bertino E, Catania B, Ferrari E, et al. On Comparing the Expressing Power of Access Control Model[EB/OL]. [2006-10-12]. http://www.cs.chalmers.se/~andrei/FCS04/bertino.ppt.
Moffett J, Sloman M. Policy Conflict Analysis in Distributed Systems Management[J]. Journal of Organizational Computing, 1994, 4(1): 1–22.
Brewka G, Niemelä I, Syrjänen T. Logic Programs with Ordered Disjunction[J]. Computational Intelligence, 2004, 20(2): 335–357.
Barker B, Stuckey P. Flexible Access Control Policy Specification with Constraint Logic Programming[J]. ACM Transactions on Information and System Security, 2003, 6(4): 501–546.
Barker S. Action-status Access Control[C] Proc of Symposium on Access Control Models and Technologies, SACMAT’07. New York: ACM Press, 2007: 20–22.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (60573009, 90718009)
Rights and permissions
About this article
Cite this article
Zhang, M., Zhang, M. An approach for handling conflicts in authorization. Wuhan Univ. J. Nat. Sci. 13, 626–630 (2008). https://doi.org/10.1007/s11859-008-0523-4
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11859-008-0523-4