Article

A stratification-based approach for handling conflicts in access control

Authors:
Salem Benferhat

CRIL-Université d'Artois, Lens Cedex, France

CRIL-Université d'Artois, Lens Cedex, France
View Profile

,
Rania El Baida

IRIT-Université Paul Sabatier, Toulouse Cedex 4, France

IRIT-Université Paul Sabatier, Toulouse Cedex 4, France
View Profile

,
Frédéric Cuppens

IRIT-Université Paul Sabatier, Toulouse Cedex 4, France

IRIT-Université Paul Sabatier, Toulouse Cedex 4, France
View Profile

SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologiesJune 2003Pages 189–195https://doi.org/10.1145/775412.775437

Published:02 June 2003Publication History

SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Pages 189–195

ABSTRACT

In the health care sector, access to medical information is more and more electronically achieved. Therefore, it is very important to define security policies which restrict access to pieces of information in order to guarantee security properties like confidentiality or integrity properties. These security policies are not always free of conflicts, in particular in the presence of exceptional situations.This paper proposes tools for access control, based on the notion of roles, in the possibilistic logic framework. We first show how to formalize basic concepts of security policies. Then we present two approaches for dealing with conflicts based on a stratification of security policy's rules. Finally, an example of health care is presented.

References

A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel, and G. Trouessin. Organization based access control. In Policy '03, 2003.Google ScholarCross Ref
S. Benferhat. Handling Hard Rules and Default Rules in Possibilistic Logic. In IPMU '94, pages 302--310, 1994. Google ScholarDigital Library
S. Benferhat, C. Cayrol, D. Dubois, J. Lang, and H. Prade. Inconsistency management and prioritized syntax-based entailment. In IJCAI '93, pages 640--645, 1993.Google Scholar
S. Benferhat, D. Dubois, and H. Prade. Nonmonotonic reasoning, conditional objects and possibility theory. Artificial Intelligence Journal, 1997. Google ScholarDigital Library
S. Benferhat, S. Dubois, andH. Prade. Representing default rules in possibilistic logic. In KR '92 , pages 673--684, Cambridge, MA, 1992.Google Scholar
S. Benferhat, S. Kaci, D. Le Berre, and M. Williams. Weakening Conflicting Information for Iterated Revision and Knowledge Integration. In IJCAI '01, pages 109--118, 2001. Google ScholarDigital Library
E. Bertino, S. Jajodia, and P. Samarati. Supporting Multiple Access Control Policies in Database Systems. In IEEE Symposium on Security and Privacy, Oakland, USA, 1996. Google ScholarDigital Library
S. Coste-Marquis and P. Marquis. Compiling Stratified Belief Bases. In ECAI2000 , Berlin, 2000.Google Scholar
A. Darwiche and P. Marquis. Compilation of propositional weighted bases. In NMR '2002, Toulouse, France, 2002.Google Scholar
G. Dinolt, L. Benzinger, and M. Yatabe. Combining Components and Policies. In Proc. of the Computer Security Foundations Workshop VII, Franconia, USA, 1994.Google ScholarCross Ref
D. Dubois, J. Lang, and H. Prade. Possibilistic logic. In Handbook of Logic in Artifical Intelligence and Logic Programming , volume 3, pages 439--513. Oxford University Press, 1994. Google ScholarDigital Library
C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas. Flexible Team-Based Access Control Using Contexts. In SACMAT '01, 2001. Google ScholarDigital Library
J. Lang. Possibilistic logic:complexity and algorithms . In Algorithms for Uncertainty and Defeasible Reasoning, Rds:Kohlas, Jrg et Moral, Serafin, Eds: Kluwer Academic Publishers , Dordrecht, The Netherlands , V. 5 , Handbook of Defeasible Reasoning and Uncertainty Management Systems (Gabbay D., Smets P. Eds.), pages 179--220, 2001.Google Scholar
D. Lehmann and M. Magidor. What does a conditional knowledge base entail. In Artificial Intelligence , 1992. Google ScholarDigital Library
J. D. Moffett and M. S. Sloman. Policy Conflict analysis in Distributed Systems Management. Journal of Organizational Computing, 1994.Google Scholar
J. Pearl. System Z:A natural ordering of defaults with tractable applications to default reasoning. In TARK '90, 1990. Google ScholarDigital Library
N. Rescher and R. Manor. On inference from inconsistent premises. In Theory and Decision 1, 1970.Google Scholar
R. Sandhu. Role-Based Access Control. In Academic Press, editor, Advances in Computers , volume 46, 1998.Google Scholar
M. Wilikens, S. Feriti, and M. Masera. A context-related authorization access control method based on RBAC :a case study from the healthcare domain. In Sacmat '02 , 2002. Google ScholarDigital Library

Index Terms

A stratification-based approach for handling conflicts in access control
1. Applied computing
  1. Life and medical sciences
    1. Health care information systems

Recommendations

An ontology-based approach to improve access policy administration of attribute-based access control

Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ...
Read More
Building access control policy model for privacy preserving and testing policy conflicting problems

This paper proposes a purpose-based access control model in distributed computing environment for privacy preserving policies and mechanisms, and describes algorithms for policy conflicting problems. The mechanism enforces access policy to data ...
Read More
A propositional policy algebra for access control

Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources,...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies
June 2003
246 pages
ISBN:1581136811
DOI:10.1145/775412
General Chair:
Elena Ferrari
University of Insubria, Italy
,
Program Chair:
David Ferraiolo
National Institute of Standards & Technology, USA
Copyright © 2003 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 2 June 2003
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control
conflicts
possibilistic logic
prioritized knowledge bases
security policy
Qualifiers
- Article
Conference

Acceptance Rates
SACMAT '03 Paper Acceptance Rate23of63submissions,37%Overall Acceptance Rate177of597submissions,30%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 23
  Total Citations
  View Citations
- 693
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A stratification-based approach for handling conflicts in access control

SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

An ontology-based approach to improve access policy administration of attribute-based access control

Building access control policy model for privacy preserving and testing policy conflicting problems

A propositional policy algebra for access control

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

A stratification-based approach for handling conflicts in access control

SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

An ontology-based approach to improve access policy administration of attribute-based access control

Building access control policy model for privacy preserving and testing policy conflicting problems

A propositional policy algebra for access control

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media