Publication
SAC 2016
Conference paper

Detecting indirect conflicts between access control policies


Abstract

Access control policies permit, prohibit or oblige subjects to perform actions on resources. In systems where multiple policies are described, conflicts among such policies can arise. Two policies are in conflict when the fulfillment of one policy violates the other and vice versa. On the one hand, direct conflicts are detected by observing the overlap of policy elements (i.e., subjects, actions and objects). On the other hand, indirect conflicts can only be detected when implicit relationships between subjects, objects and actions of two policies are analyzed. This paper presents several relationships that can be used between the elements of the policies together with their propagation rules and conflict detection rules. The propagation rules propagate policies applied to an organization, entity or object to other organizations, entities or objects related to it. The conflict rules are used to check for conflicts between pairs of policies by taking into account the relationships between the elements of the policies.
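The distinction between direct and indirect conflicts, as an added example that is not taken from the paper: the `MEMBER_OF` relationship, the rule that a policy on a group propagates to its members, and the sample policies are all assumptions constructed for illustration, since the abstract does not list the paper's actual relationships or rules.

```python
from itertools import combinations
from typing import NamedTuple

class Policy(NamedTuple):
    modality: str  # "permit", "prohibit" or "oblige"
    subject: str
    action: str
    obj: str

# Constructed sample data. MEMBER_OF (child -> parent) is an assumed relationship.
MEMBER_OF = {"alice": "nurses", "nurses": "hospital_staff"}
POLICIES = [
    Policy("permit", "hospital_staff", "read", "patient_records"),
    Policy("prohibit", "alice", "read", "patient_records"),
    Policy("permit", "bob", "write", "audit_log"),
    Policy("prohibit", "bob", "write", "audit_log"),
]

def descendants(entity):
    """All entities that are transitively a member of `entity`."""
    found, frontier = set(), [entity]
    while frontier:
        parent = frontier.pop()
        for child, p in MEMBER_OF.items():
            if p == parent and child not in found:
                found.add(child)
                frontier.append(child)
    return found

def propagate(policy):
    """Assumed propagation rule: a policy on a group also applies to its members."""
    return {policy} | {policy._replace(subject=s) for s in descendants(policy.subject)}

def contradicts(a, b):
    """Prohibit clashes with permit or oblige on the same subject, action, object."""
    same = (a.subject, a.action, a.obj) == (b.subject, b.action, b.obj)
    return same and "prohibit" in (a.modality, b.modality) and a.modality != b.modality

def find_conflicts(policies):
    """Return (policy_a, policy_b, kind) for each conflicting pair."""
    results = []
    for a, b in combinations(policies, 2):
        if contradicts(a, b):  # elements overlap as written
            results.append((a, b, "direct"))
        elif any(contradicts(x, y) for x in propagate(a) for y in propagate(b)):
            results.append((a, b, "indirect"))  # visible only after propagation
    return results
```

On the sample data, the two `bob` policies are reported as a direct conflict, while the `hospital_staff` permit and the `alice` prohibition are reported as indirect because they only collide once the group policy is propagated down to its members.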

Date

04 Apr 2016
