Efficiently Characterizing the Undefined Requests of a Rule-Based System

Abstract : Rule-based systems are used to define complex policies in several contexts, because of the flexibility and modularity they provide. This is especially critical for security systems, which may need to compose evolving policies for privacy, accountability, access control, etc. The inclusion of conflicting rules in complex policies results in the inability of the system to unambiguously answer certain requests, with possibly unpredictable effects. The static identification of these undefined requests is particularly challenging for unconstrained rule-based systems, which include quantifiers, computations and chaining of rules. In this paper we introduce a static method to precisely characterize the set of all undefined requests for a given unconstrained rule-based system, providing the user with a global view of the rule conflicts. We propose an enumerative approach, made usable in practice by two key performance optimizations: a finer classification of the rules and the use of topological sorting. We demonstrate its application on a well-known policy with more than fifty rules.

https://hal.inria.fr/hal-01828305
Contributor : Zheng Cheng
Submitted on : Tuesday, July 3, 2018 - 5:52:04 PM
Last modification on : Tuesday, March 26, 2019 - 9:25:23 AM
Long-term archiving on : Monday, October 1, 2018 - 6:38:22 AM

File

main.pdf
Files produced by the author(s)

Citation

Zheng Cheng, Jean-Claude Royer, Massimo Tisi. Efficiently Characterizing the Undefined Requests of a Rule-Based System. IFM 2018 - 14th International Conference on integrated Formal Methods, Sep 2018, Maynooth, Ireland. pp.69-88, ⟨10.1007/978-3-319-98938-9_5⟩. ⟨hal-01828305⟩
