Graph-based formal modeling and implementation of access control policies with automated conflict and redundancy detection

Azan Hamad Alkhorem, Daniel Conte de Leon, Ananth A. Jillepalli, Jia Song
International Journal of Information Security, Vol. 25(2), pp. 1-20
02/26/2026
Subjects: Coding and Information Theory; Communications Engineering; Computer Communication Networks; Management of Computing and Information Systems; Networks; Operating Systems; Computer Science; Cryptology. Article type: Regular Contribution.
Zero Trust is an approach that increases security by providing an object or a subject with the three CIA (Confidentiality, Integrity, Availability) security aspects. To comply with the CIA criteria, access control models need to support functionalities such as: a) safer permission grant and authorization processes, b) policy decision delivery to single or multiple users, and c) policy decision delivery to single or multiple actions or objects. In addition, redundancy, conflict detection, the different types of permissions that can be delegated, delegation itself, and the separation of duties (SoD) in its different forms must be considered. Extensive literature exists on delegation operations in access control models, but most of it does not consider redundancy or partial conflict detection with regard to the standard policies. We address the resolution of positive and negative policies as a precursor to the resolution of delegation requests. We address these resolutions in the context of the standard policies that allow or deny an action on an object to a single subject or to multiple subjects. We provide an analysis via multiple case studies using a Python implementation of the HPol (Hierarchical Policy) model. Our analysis demonstrates the ability of the HPol model to handle the access control resolution issues discussed, with proof of results in the context of positive and negative (YES & NO) policy requests.

DOI: https://doi.org/10.1007/s10207-025-01130-z
Published (Version of record)