AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (3.9 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Conflict Analysis and Detection Based on Model Checking for Spatial Access Control Policy

School of Computer Science and Technology, China University of Mining and Technology, Xuzhou 221116, China.
School of Environment Science and Spatial Informatics, China University of Mining and Technology, Xuzhou 221116, China.
Show Author Information

Abstract

In this paper, we propose a Multi-granularity Spatial Access Control (MSAC) model, in which multi-granularity spatial objects introduce more types of policy rule conflicts than single-granularity objects do. To analyze and detect these conflicts, we first analyze the conflict types with respect to the relationship among the policy rules, and then formalize the conflicts by template matrices. We designed a model-checking algorithm to detect potential conflicts by establishing formalized matrices of the policy set. Lastly, we conducted experiments to verify the performance of the algorithm using various spatial data sets and rule sets. The results show that the algorithm can detect all the formalized conflicts. Moreover, the algorithm’s efficiency is more influenced by the spatial object granularity than the size of the rule set.

Keywords

spatial objectmulti-granularityconflict detectionmodel-checking

References

[1]
Matheus A., Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure, presented at the 10th ACM Symposium on Access Control MODELS and Technologies, Stockholm, Sweden, 2005.
Crossref
[2]
Sasaoka L. K. and Medeiros C. B., Access control in geographic databases, in Advances in Conceptual Modeling—Theory and Practice. Springer Berlin Heidelberg, 2006, pp. 110-119.
Crossref
[3]
Bertino E., Catania B., Damiani M. L., and Perlasca P, GEO-RBAC: A spatially aware RBAC, presented at 10th ACM Symposium on Access Control MODELS and Technologies, Stockholm, Sweden, 2005.
Crossref
[4]
Chandran S. M. and Joshi J. B. D., LoT-RBAC: A location and time-based RBAC model, in Web Information Systems Engineering-WISE 2005, 2005, pp. 361-375.
Crossref
[5]
Atluri V. and Chun S. A., A geotemporal role-based authorization system, International Journal of Information and Computer Security, vol. 1, no. 12, pp. 143-168, 2007.
Crossref Google Scholar
[6]
Ray I. and Toahehoodee M., A spatio-temporal role-based access control model, in Ifip Wg 11.3 Working Conf. on Data and Applications Security, Springer-Verlag, 2007, pp. 211-226.
Crossref
[7]
Damiani M. L., Bertino E., and Silvestri C., Spatial domains for the administration of location-based access control policies, Journal of Network and Systems Management, vol. 16, no. 3, pp. 277-302, 2008.
Crossref Google Scholar
[8]
Matheus A., Security considerations on processing of geospatial information in the cloud, in 4th Int. Conf. on Computing for Geospatial Research and Application, 2013, pp. 82-86.
Crossref
[9]
Lin G. and Wang D., MTBAC: A mutual trust based access control model in cloud computing, China Communications, vol. 11, no. 4, pp. 154-162, 2014.
Crossref Google Scholar
[10]
Ye X., Privacy preserving and delegated access centrol for cloud application, Tsinghua Science and Technology, vol. 20, no. 1, pp. 40-54, 2016.
Crossref Google Scholar
[11]
Fisler K., Krishnamurthi S., Meyerovich L. A., and Tschantz M. C., Verification and change-impact analysis of access control policies, in Proc. of the 27th Int. Conference on Software Engineering, St Louis, MO, USA, 2005, pp. 196-205.
Crossref
[12]
Knorr K., Multilevel security and information flow in Petri net workflows, in Proc. of the 9th International Conference on Telecommunication Systems-Modeling and Analysis, 2001, pp. 9-20.
[13]
Ahmad I., Abdullah A. B., and Alghamdi A. S., Distributed denial of service attacks detection using support vector machine, Information—An International Interdisciplinary Journal, vol. 14, no. 1, pp. 127-134, 2011.
Google Scholar
[14]
Davy S., Jennings B., and Strassner J., The policy continum-Policy authoring and conflict analysis, Computer Communications, vol. no. 31, pp. 2981-2995, 2008.
Crossref Google Scholar
[15]
Lee C. L., Lin G. Y., and Chen Y. C., An efficient conflict detection algorithm for packet filters, IEICE Trans. on Inf.& Sys., vol. 95, no. 2, pp. 472-479, 2012.
Crossref Google Scholar
[16]
Wang Y. Z. and Feng D. G., A conflict and redundancy analysis method for XACML rules, (in Chinese), ; Journal of Computers, vol. 32, no. 3, pp. 516-529, 2009.
Google Scholar
[17]
Zhang A. J., Gao J. X., Ji C., Sun J., and Bao Y., Multi-granularity spatial-temporal access control model for web GIS, Trans. of Nonferrous Metals Society of China, vol. 24, no. 9, pp. 2946-2953, 2014.
Crossref Google Scholar
[18]
Bonatti P., Vimercad S. D., and Samarali P., An algebra for composing access control policies, ACM Trans. on Inf. & Sys. Security, vol. 5, no. 1, pp. 1-35, 2002.
Crossref Google Scholar
[19]
Bandara A. K., A formal approach to analysis and refinement of policies, Ph.D. dissertation, Imperial College London, London, UK, 2005.
[20]
Hamed H., Al-Shaer E., and Marrero W., Modeling and verification of IPSec and VPN security policy, in Proc. of the 13th IEEE International Conference on Network Protocols, Boston, MA, USA, 2005, pp. 259-278.
Tsinghua Science and Technology
Volume 22 Issue 5,
October 2017
Pages 478-488
DOI: 10.23919/TST.2017.8030537
Cite this article:
Zhang A, Ji C, Bao Y, et al. Conflict Analysis and Detection Based on Model Checking for Spatial Access Control Policy. Tsinghua Science and Technology, 2017, 22(5): 478-488. https://doi.org/10.23919/TST.2017.8030537

523

Views

16

Downloads

3

Crossref

N/A

Web of Science

4

Scopus

0

CSCD

Altmetrics
Received: 21 October 2016
Accepted: 21 December 2016
Published: 11 September 2017
© The author(s) 2017
Return