Inconsistency Resolving of Safety and Utility in Access Control
Policy inconsistencies may arise between safety and utility policies due to their opposite objectives. In this paper, the authors provide a formal examination of policy inconsistencies resolution for the coexistence of Static Separation-of-Duty (SSoD) policies and Strict Availability (SA) policies. Firstly, the authors reduce the complexity of reasoning about policy inconsistencies by static pruning technique and minimal inconsistency cover set. Secondly, they present a systematic methodology for measuring safety loss and utility loss, and evaluate the safety-utility tradeoff for each choice. Thirdly, they present two prioritized-based resolutions to deal with policy inconsistencies based on safety-utility tradeoff. Finally, experiments show the effectiveness and efficiency of their approach.