{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:41:29Z","timestamp":1762004489027},"reference-count":27,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,10]]},"abstract":"<jats:p>In collaborative environments where resources must be shared across multiple sites, the access control policies of the participants must be combined in order to define a coherent policy. The relevant challenge in composing access policies is to deal with inconsistencies or modality conflicts. This difficulty exacerbates when the policies to compose are specified independently by different entities with no global power to decide in case of conflicts which entity must take precedence. This paper presents a semi-automated framework called Policy Composition and Conflict Resolution framework (P2CR) to address this issue. They focus on access control policies expressed as XACML statements. The authors propose a three-level conflicts resolution strategy: i) by using metadata added to the policies, ii) by using a defeasible logic theory, and iii) by providing recommendations to the entities owners of the resources. First, they provide a mechanism to add metadata to XACML. Second, they combine the access policies without prioritizing any of the entities involved in the composition. Given the context of the authors\u2019 work, they consider this approach to be more suitable than the current approaches that are mainly negotiation-oriented or assign priorities to the policies. Finally, the resulting composite policy appears flexible and easily adjustable to runtime conflicts.<\/jats:p>","DOI":"10.4018\/jsse.2012100101","type":"journal-article","created":{"date-parts":[[2013,2,6]],"date-time":"2013-02-06T18:18:56Z","timestamp":1360174736000},"page":"1-26","source":"Crossref","is-referenced-by-count":2,"title":["A Practical Framework for Policy Composition and Conflict Resolution"],"prefix":"10.4018","volume":"3","author":[{"given":"Ousmane Amadou","family":"Dia","sequence":"first","affiliation":[{"name":"Computer Science and Engineering Department, University of South Carolina, Columbia, SC, USA"}]},{"given":"Csilla","family":"Farkas","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering Department, University of South Carolina, Columbia, SC, USA"}]}],"member":"2432","reference":[{"key":"jsse.2012100101-0","unstructured":"Agrawal, D., Giles, J., Lee, K., & Lobo, J. (2007, June). Policy ratification. In Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks."},{"key":"jsse.2012100101-1","doi-asserted-by":"crossref","unstructured":"Backes, M., Karjoth, G., Bagga, W., & Schunter, M. (2004, June). Efficient comparison of enterprise privacy policies. In Proceedings of the ACM Symposium on Applied Computing (pp. 223-232).","DOI":"10.1145\/967900.967983"},{"key":"jsse.2012100101-2","doi-asserted-by":"crossref","unstructured":"Bertolissi, C., & Fernandez, M. (2008, July). A rewriting framework for the composition of access control policies. In Proceedings of the 10th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming (pp. 217-225).","DOI":"10.1145\/1389449.1389476"},{"key":"jsse.2012100101-3","doi-asserted-by":"crossref","unstructured":"Bonatti, P., Vimercati, S., De Capitani, D., & Samarati, P. (2000). A modular approach to composing access control policies. In Proceedings of the 7th ACM Conference on Computer and Communications Security (pp. 164-173).","DOI":"10.1145\/352600.352623"},{"key":"jsse.2012100101-4","doi-asserted-by":"crossref","unstructured":"Bruns, G., Dantas, D. S., & Huth, M. (2007, November). A simple and expressive semantic framework for policy composition in access control. In Proceedings of the ACM Workshop on Formal Methods in Security Engineering (pp. 12-21).","DOI":"10.1145\/1314436.1314439"},{"key":"jsse.2012100101-5","doi-asserted-by":"crossref","unstructured":"Cholvy, L., & Cuppens, F. (1997, May). Analyzing consistency of security policies. In Proceedings of the IEEE Symposium on Security and Privacy (p. 103).","DOI":"10.1109\/SECPRI.1997.601324"},{"key":"jsse.2012100101-6","doi-asserted-by":"publisher","DOI":"10.1109\/9.867045"},{"key":"jsse.2012100101-7","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2007.01.064"},{"key":"jsse.2012100101-8","unstructured":"Dong, C., Russello, G., & Dulay, N. (2008). Flexible resolution of authorization conflicts in distributed systems. In Proceedings of the 19th IFIP\/IEEE International Workshop on Distributed Systems: Operations and Management: Managing Large-Scale Service Deployment (pp. 95-108)."},{"key":"jsse.2012100101-9","author":"G.Governatori","year":"2004","journal-title":"Defeasible description logic"},{"key":"jsse.2012100101-10","doi-asserted-by":"crossref","unstructured":"Hu, H., Ahn, G., & Kulkarni, K. (2011, June). Anomaly discovery and resolution in web access control policies. In Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (pp. 165-174).","DOI":"10.1145\/1998441.1998472"},{"key":"jsse.2012100101-11","doi-asserted-by":"publisher","DOI":"10.1145\/383891.383894"},{"key":"jsse.2012100101-12","doi-asserted-by":"crossref","unstructured":"Kolovski, V., Hendler, J., & Parsia, B. (2007, May). Analyzing web access control policies. In Proceedings of the International World Wide Web Conference.","DOI":"10.1145\/1242572.1242664"},{"key":"jsse.2012100101-13","doi-asserted-by":"crossref","unstructured":"Lee, A. J., Boyer, J. P., Olson, L. E., & Gunter, C. A. (2006, November). Defeasible security policy composition for web services. In Proceedings of the Fourth ACM Workshop on Formal Methods in Security (pp. 45-54).","DOI":"10.1145\/1180337.1180342"},{"key":"jsse.2012100101-14","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-010-0106-1"},{"key":"jsse.2012100101-15","doi-asserted-by":"publisher","DOI":"10.1109\/32.824414"},{"key":"jsse.2012100101-16","doi-asserted-by":"crossref","unstructured":"Mazzoleni, P., Bertino, E., & Crispo, B. (2008, February). XACML policy integration algorithms. In Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies (pp. 219-227).","DOI":"10.1145\/1330295.1330299"},{"key":"jsse.2012100101-17","article-title":"Policy conflict analysis in distributed system management.","author":"J. D.Moffett","year":"1993","journal-title":"Journal of Organizational Computing"},{"key":"jsse.2012100101-18","doi-asserted-by":"crossref","unstructured":"Mohan, A., & Blough, D. M. (2010). An attribute-based authorization policy framework with dynamic conflict resolution. In Proceedings of the 9th Symposium on Identity and Trust on the Internet (pp. 37-50).","DOI":"10.1145\/1750389.1750395"},{"key":"jsse.2012100101-19","unstructured":"Nadalin, A. (2002). Web services security policy language. Web services specification. Retrieved from http:\/\/www.verysign.com\/wss\/WS-SecurityPolicy.pdf"},{"key":"jsse.2012100101-20","doi-asserted-by":"crossref","unstructured":"Ni, Q., Bertino, E., & Lobo, J. (2009, March). D-algebra for composing access control policy decisions. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (pp. 298-309).","DOI":"10.1145\/1533057.1533097"},{"key":"jsse.2012100101-21","doi-asserted-by":"crossref","unstructured":"Rao, P., Lin, D., Bertino, E., Lui, N., & Lobo, J. (2009, July). An algebra for fine-grained integration of XACML policies. In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (pp. 63-72).","DOI":"10.1145\/1542207.1542218"},{"key":"jsse.2012100101-22","unstructured":"RDQL. (n.d.). Tutorial. Retrieved from http:\/\/phpxmlclasses.sourceforge.net\/rdql.html"},{"key":"jsse.2012100101-23","unstructured":"Reeder, R. W., Bauer, L., Cranor, L. F., Reiter, M. K., & Vaniea, K. (2009). Effects of access-control policy conflict-resolution methods on policy-authoring usability (Tech. Rep. No. CMU-CyLab-09-06-006). Pittsburgh, PA: Carnegie Mellon University."},{"key":"jsse.2012100101-24","unstructured":"XACML. (2005). Extensible access control markup language (XACML) version 2.0. Retrieved from http:\/\/docs.oasis-open.org\/xacml\/2.0"},{"key":"jsse.2012100101-25","doi-asserted-by":"crossref","unstructured":"Yau, S. S., & Chen, Z. (2008). Security policy integration and conflict reconciliation for collaborations among organizations in ubiquitous computing environments. In F. E. Sandnes, Y. Zhang, C. Rong, L. T. Yang, & J. Ma (Eds.), Proceedings of the 5th International Conference on Ubiquitous Intelligence and Computing (LNCS 5061, pp. 3-19).","DOI":"10.1007\/978-3-540-69293-5_3"},{"key":"jsse.2012100101-26","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605435"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=74842","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,11,13]],"date-time":"2018-11-13T19:16:01Z","timestamp":1542136561000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2012100101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,10]]},"references-count":27,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2012100101","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,10]]}}}