ISSN 1000-1239 CN 11-1777/TP

A DAG-Based Security Policy Conflicts Detection Method

Yao Jian, Mao Bing, and Xie Li   

  1. (State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093) (Department of Computer Science and Technology, Nanjing University, Nanjing 210093)
  • Online: 2005-07-15

Abstract: Policies are increasingly used in the field of security management, and security policy conflict is one of the most difficult problems in this field. The shortcomings of previous methods for detecting security policy conflicts are analyzed. A security policy is considered a kind of relation between a subject and an object concerning authority or obligation. Subjects and objects are elements in a distributed system. In studying the relations among the elements of the distributed system, the concept of a “field” is introduced. The relations between fields can express the relations among the elements in the distributed system. A directed acyclic graph (DAG) model is given in order to describe the relations between fields precisely. A quantitative method based on this model for detecting security policy conflicts is then presented. A number of cases of security policy conflict are studied to prove the method's correctness and availability. Finally, the algorithmic complexity is analyzed; it is in direct proportion to the number, or the square of the number, of vertices in the directed acyclic graph. Experimental data are also provided to support this conclusion. The work extends the approaches to security policy conflict detection and supports the practicability of security policies.

Key words: security management, security policy, directed acyclic graph, conflict detection