
Authors

  • Weihua Zheng
  • Junxia Yan
Abstract

The detection and resolution of constraint conflicts in RBAC have been overlooked and remain a significant research challenge. To address these concerns, in this paper we classify constraint conflicts into two categories: internal constraint conflicts, which occur when two or more constraints are deemed incompatible with each other, and external constraint conflicts, which occur when the configuration of an RBAC system violates the defined constraints. We propose a set of detection rules for these conflicts. Furthermore, we introduce the notions of resolution value and valid resolution value, and show how they are useful in guiding external constraint conflict resolution.

Introduction

Role-based access control (RBAC) is known as the most suitable access control model for enterprise organizations. The importance of constraints in RBAC has been recognized for a long time [1]. In the past decade, a considerable amount of work [2-5] has been done on RBAC constraints. However, the focus of this research has been predominantly on the specification of RBAC constraints. Effective conflict detection and resolution methods used to maintain the consistency between constraints have been overlooked and remain a significant research challenge.

Strembeck [6] discussed the conflict checking of separation of duty constraints in RBAC and presented conflict checking methods as implemented in the xoRBAC software component. Moon [7] addressed the issue of conflict detection to maintain the consistency of permission assignment constraints in RBAC. However, the conflict detection and resolution methods used to maintain the consistency between constraints have not been addressed. Janpitak [8] proposes a simple but effective model to solve the problem of the dynamic separation of duties. The conflict of interest can be verified at run time, but the model cannot support role hierarchies in RBAC.
To address the problem, we propose in this paper the following approaches:

  • We classify constraint conflicts into two categories: internal constraint conflicts and external constraint conflicts. Internal constraint conflicts refer to the conflicts exhibited by two or more incompatible constraints. External constraint conflicts refer to the conflicts exhibited by the configuration of an RBAC system and the constraints defined in the system.
  • We give several conflict detection rules for internal constraint conflicts by the definition of constraint conflict graph.
  • An effective detection rule for external constraint conflicts is proposed by defining two concepts, RBAC configuration graph and conflict pattern.
  • An approach to external constraint conflict resolution is proposed.

Foundation Item: Project (No. 2009C03015-1) supported by the Large Science and Technology Special Program of Zhejiang Province. Corresponding author: QIU Jiong, Associate Professor; Tel: +86-13805742886.
2012 International Conference on Affective Computing and Intelligent Interaction, Lecture Notes in Information Technology, Vol.10. 978-1-61275-004-0/10/$25.00 ©2012 IERI ICACII2012

RBAC model

We will base our discussion on RBAC96. In this section, we provide an overview of the central concepts within the model. A role hierarchy is a partial order on roles called the inheritance relation, written as ≥, where ri ≥ rj only if all permissions of rj are also permissions of ri. Users are associated with roles using the user-role assignment relation UA ⊆ U × R. If there exists a pair (u, r) ∈ UA, then role r is explicitly assigned to user u. Permissions are associated with roles using the permission-role assignment relation PA ⊆ P × R. If there exists a pair (p, r) ∈ PA, then permission p is explicitly assigned to role r. Constraints are a powerful mechanism for laying out higher-level organizational policy.
The specification of constraints in RBAC

Constraints proposed in RBAC models can be classified into three broad categories:

1. Separation of Duty (SoD) constraints: SoD constraints aim at reducing the risk of fraud by not allowing any individual to have sufficient authority within the system to perpetrate a fraud on his/her own. In this paper, we focus on static SoD constraints. Three varieties of static SoD constraints have been proposed so far:

  • Conflicting role constraints: Let CR represent the collection of conflicting role sets, CR = {cr1, cr2, ..., crn}, where cri (i = 1, ..., n) denotes a conflicting role set. Two or more roles of a conflicting role set cannot be assigned to the same user.
  • Conflicting permission constraints: Let CP represent the collection of conflicting permission sets, CP = {cp1, cp2, ..., cpm}, where cpi (i = 1, ..., m) denotes a conflicting permission set. Two or more permissions belonging to a conflicting permission set cannot be assigned to the same role.
  • Conflicting user constraints: Let CU represent the collection of conflicting user sets, CU = {cu1, cu2, ..., cut}, where cui (i = 1, ..., t) denotes a conflicting user set. Two conflicting users cannot have roles in the same conflicting role set.

2. Cardinality constraints: A cardinality constraint can be formally defined as (r, n), where r is the role associated with the constraint and n denotes the numerical limitation for the role.

3. Prerequisite constraints: Prerequisite constraints are defined based on competency and appropriateness whereby a user can be assigned role r1 only if the user is already a member of role r2, or a permission p1 can be assigned to a role only if the role already possesses permission p2.

Constraint conflict detection and resolution

Definition 1 (Internal Constraint Conflict). Internal constraint conflicts occur when two or more constraints are deemed incompatible with each other.
For example, suppose one prerequisite role constraint defines role r1 as a prerequisite role of role r2, while another prerequisite role constraint defines role r2 as a prerequisite role of role r1. In this case, the two constraints are contradictory and exhibit an internal constraint conflict.

Definition 2 (External Constraint Conflict). External constraint conflicts occur when the configuration of an RBAC system does not satisfy the constraints defined in the system.

For example, if a new conflicting role set consisting of two roles r1 and r2 is created, and there is an existing inheritance relationship between r1 and r2 in the role hierarchy, then an external constraint conflict occurs.

Internal constraint conflict detection

Definition 3 (Constraint Conflict Graph). The constraint conflict graph is used by the security administrator to understand internal constraint conflicts easily and to detect internal constraint conflicts effectively. Constraint conflict graph is a multi graph,
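
The two examples given under Definitions 1 and 2, checked in code. This is an added example, not the paper's detection rules (the excerpt breaks off before they are stated); the role names, sample data, function names, and the treatment of a user assigned a senior role as also holding its junior roles are assumptions.

```python
from itertools import combinations

def reachable(graph, start):
    """Every node reachable from start by following one or more edges."""
    seen, stack = set(), list(graph.get(start, ()))
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(graph.get(node, ()))
    return seen

def internal_conflicts(prereq):
    """Definition 1: roles that are, directly or transitively, their own prerequisite."""
    return sorted(r for r in prereq if r in reachable(prereq, r))

def external_conflicts(cr_sets, juniors, ua):
    """Definition 2: configuration (hierarchy, UA) that violates a conflicting role set."""
    findings = []
    for cr in cr_sets:
        # Two conflicting roles related by inheritance in the role hierarchy.
        for a, b in combinations(sorted(cr), 2):
            if a in reachable(juniors, b) or b in reachable(juniors, a):
                findings.append(("hierarchy", a, b))
        # A user holding two or more roles of the set (assumption: junior roles count).
        for user in sorted({u for u, _ in ua}):
            held = set()
            for u, r in ua:
                if u == user:
                    held |= {r} | reachable(juniors, r)
            if len(held & cr) >= 2:
                findings.append(("user", user, tuple(sorted(held & cr))))
    return findings

# Constructed sample data (not from the paper).
PREREQ = {"r1": {"r2"}, "r2": {"r1"}, "r3": {"r1"}}    # role -> prerequisite roles
JUNIORS = {"manager": {"clerk"}, "clerk": {"intern"}}  # senior -> direct junior roles
CR = [{"manager", "intern"}, {"clerk", "auditor"}]     # conflicting role sets
UA = {("alice", "clerk"), ("alice", "auditor"), ("bob", "manager")}

if __name__ == "__main__":
    print(internal_conflicts(PREREQ))
    for finding in external_conflicts(CR, JUNIORS, UA):
        print(finding)
```

Role r3 is not reported as an internal conflict: it depends on the r1/r2 cycle but is not itself part of it.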



Publication date 2011