Detection of conflicts in security policies

2013 
Abstract: Tools are needed to support the analysis of security policies, and a crucial signal of problems in a policy is the presence of conflicts (contradictions or ambiguities in the policy specification, which may lead to anomalies in the application of the policy). Several types of conflict can be identified. Each type has been the subject of significant investigation, and several approaches and techniques have been examined for their detection and management. Rather than present exhaustive coverage, the chapter seeks to identify common approaches to identifying security conflicts, considering three relevant scenarios: access control policies, policy execution, and network protection. The chapter focuses on the detection of conflicts. Limited attention is given to ways to manage a detected conflict. The basic assumption of the chapter is that the security administrator is notified of each detected conflict and that he will have the responsibility of choosing the correct approach to manage the conflict. In large policies, the number of notifications can be large, and the need arises to have tools that automatically manage conflicts by introducing corrections to the policy that follow a specific optimization criterion. We give only limited attention to this aspect.