Using the decision support algorithms combining different security policies

TL;DR

This paper introduces a decision support algorithm that combines multiple security policies using weighted sums and the analytic hierarchy process, enabling flexible and conflict-resolving access control decisions.

Contribution

It presents a novel method for integrating multiple security policies with adjustable weights to resolve conflicts in access control decisions.

Findings

The algorithm effectively manages conflicting security policies.

Adjustable weights allow flexible policy impact control.

The method supports consistent access decision-making.

Abstract

During the development of the security subsystem of modern information systems, a problem of the joint implementation of several access control models arises quite often. Traditionally, a request for the user's access to resources is granted in case of simultaneous access permission by all active security policies. When there is a conflict between the decisions of the security policies, the issue of granting access remains open. The proposed method of combining multiple security policies is based on the decision support algorithms and provides a response to the access request, even in case of various decisions of active security policies. To construct combining algorithm we determine a number of weight coefficients, use a weighted sum of the clearance levels of individual security policies and apply the analytic hierarchy process. The weight coefficients are adjustable parameters of the algorithm and allow administrator to manage the impact of the various security rules flexibly.