Title:
Detection of Conflicts and Inconsistencies in Taxonomy-based Authorization Policies
Detection of Conflicts and Inconsistencies in Taxonomy-based Authorization Policies
Author(s)
Mohan, Apurva
Blough, Douglas M.
Kurc, Tahsin
Post, Andrew
Saltz, Joel
Blough, Douglas M.
Kurc, Tahsin
Post, Andrew
Saltz, Joel
Advisor(s)
Editor(s)
Collections
Supplementary to
Permanent Link
Abstract
The values of data elements stored in biomedical
databases often draw from biomedical ontologies. Authorization
rules can be defined on these ontologies to control access
to sensitive and private data elements in such databases.
Authorization rules may be specified by different authorities
at different times for various purposes, and as such policy
rules may conflict with each other, inadvertently allowing
access to sensitive information. Detecting policy conflicts is nontrivial
because it involves identification of applicable rules and
detecting conflicts among them dynamically during execution
of data access requests. It also requires dynamically verifying
conformance with required policies and logging relevant
information about decisions for audit. Another problem in
biomedical data protection is inference attacks, in which a
user who has legitimate access to some data elements is able to
infer information related to other data elements. This type of
inadvertent data disclosure should be prevented by ensuring
policy consistency; that is, data elements which can lead to
inference about other data elements should be protected by
the same level of authorization policies as the other data
elements. We propose two strategies; one for detecting policy
consistencies to avoid potential inference attacks and the other
for detecting policy conflicts. We have implemented these
algorithms in Java language and evaluated their execution
times experimentally.
Sponsor
Date Issued
2011
Extent
Resource Type
Text
Resource Subtype
Technical Report