Structural complexity of conflict of interest policies

J. Crampton, G. Loizou

Research output: Working paper

Abstract

We define a conflict of interest policy and show that the definition is sufficiently general to include several well-known generic policies as special cases and to articulate policies in different models of access control. We show that conflict of interest policies can be regarded as members of $2^2^X$, for some set $X$, where $2^X$ denotes the powerset of $X$. We demonstrate that conflict of interest policies can be reduced to a canonical form and that the set of canonical conflict of interest policies is a subset of $2^2^X$. In particular, the set of canonical conflict of interest policies is the set of Sperner families in $2^X$. We define a partial ordering on the set of Sperner families and show that this corresponds to an intuitive notion of strength of conflict of interest policies. Furthermore, we show that this ordering leads to a formal definition for composition of policies. We give some examples of conflict of interest policies in the context of two access control models and compare our framework with existing work in the role-based access control community on separation of duty policies. We derive upper and lower bounds for the number of Sperner families improving on results obtained by Hansel. In particular, our introduction of the novel concept of a bi-symmetric chain partition enables us to improve the upper bound significantly. We also derive an expression for the maximum length of a string that is required to describe a conflict of interest policy.
Original languageEnglish
Publication statusPublished - 2000

Cite this