Flexible resolution of authorisation conflicts in distributed systems
Autor: | Dong, C., Russello, G., Dulay, N., De Turck, F., Kellerer, W., Kormentzas, G. |
---|---|
Jazyk: | angličtina |
Rok vydání: | 2008 |
Předmět: | |
Zdroj: | Managing Large-Scale Service Deployment: 19th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2008, Samos Island, Greece, September 22-26, 2008, Proceedings, 95-108 STARTPAGE=95;ENDPAGE=108;TITLE=Managing Large-Scale Service Deployment Managing Large-Scale Service Deployment ISBN: 9783540859994 DSOM 19th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management |
ISSN: | 0302-9743 |
Popis: | Managing security in distributed systems requires flexible and expressive authorisation models with support for conflict resolution. Models need to be hierarchical but also non-monotonic supporting both positive and negative authorisations. In this paper, we present an approach to resolve the authorisation conflicts that inevitably occur in such models, with administrator specified conflict resolution strategies (rules). Strategies can be global or applied to specific parts of a system and dynamically loaded for different applications. We use Courteous Logic Programs (CLP) for the specification and enforcement of strategies. Authorisation policies are translated into labelled rules in CLP and prioritised. The prioritisation is regulated by simple override rules specified or selected by administrators. We demonstrate the capabilities of the approach by expressing the conflict resolution strategy for a moderately complex authorisation model that organises subjects and objects hierarchically. |
Databáze: | OpenAIRE |
Externí odkaz: |