Effects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability

Free registration required

Executive Summary

Access-control policies can be stated more succinctly if they support both rules that grant access and rules that deny access, but this introduces the possibility that multiple rules will give conflicting conclusions for an access. In this paper, the authors compare a new conflict-resolution method, which uses first specificity and then deny precedence, to the conflict-resolution method used by Windows NTFS, which sometimes uses deny precedence before specificity. The authors show that the conflict-resolution method leads to a more usable policy-authoring system compared with the Windows method.

  • Format: PDF
  • Size: 311.39 KB