Efficiently Characterizing the Undefined Requests of a Rule-Based System - Archive ouverte HAL Access content directly
Conference Papers Year :

Efficiently Characterizing the Undefined Requests of a Rule-Based System

(1, 2, 3) , (1, 3) , (1, 3)
1
2
3

Abstract

Rule-based systems are used to define complex policies in several contexts, because of the flexibility and modularity they provide. This is especially critical for security systems, which may require to compose evolving policies for privacy, accountability, access control, etc. The inclusion of conflicting rules in complex policies, results in the inability of the system to unambiguously answer to certain requests, with possibly unpredictable effects. The static identification of these undefined requests is particularly challenging for unconstrained rule-based systems, including quantifiers, computations and chaining of rules. In this paper we introduce a static method to precisely characterize the set of all undefined requests for a given unconstrained rule-based system, providing the user with a global view of the rule conflicts. We propose an enumerative approach, made usable in practice by two key performance optimizations: a finer classification of the rules and the resort of the topological sorting. We demonstrate its application on a well-known policy with more than fifty rules.
Fichier principal
Vignette du fichier
main.pdf (606.56 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01828305 , version 1 (03-07-2018)

Identifiers

Cite

Zheng Cheng, Jean-Claude Royer, Massimo Tisi. Efficiently Characterizing the Undefined Requests of a Rule-Based System. IFM 2018 - 14th International Conference on integrated Formal Methods, Sep 2018, Maynooth, Ireland. pp.69-88, ⟨10.1007/978-3-319-98938-9_5⟩. ⟨hal-01828305⟩
263 View
134 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More