A Graph-Based Formal Access Control Model to Support Positive & Negative Permissions, Exceptions, Redundancy & Conflict Detection, Permission to Delegate, Delegation, Separation of Duties (SoD), and SoD Exceptions & Violation Detection

Abstract

Access control policies models provide a better approach to control users actives regarding allowing or denying such action to user or group within the resources. This mechanism allowed us to verify the grant or the denial of access. Within the access control hierarchy structure, there are more features that must be supported with different permissions on non-hierarchy and hierarchy structure. In this study we developed a methodology that supports the enhancement of positive policy represented by (YES) and adds negative policy represented by (NO). Moreover, we include supporting both types of permission to delegate and both types of delegation. Although, we implement supporting an exception policies approach for both types of stander policies positive and negative. Furthermore, we developed a method to adopt two different types of Separation of Duties (SoD). This includes redundancy, conflict detection, valid polices request of SoD, violation, and non-violation polices request between each type itself and between the first type against the second concept of SoD rules as well as vice versa. In addition, we validate another technique that these two different types of SoD do not violate both types of stander policies concept. Finally, we examine both types of stander policies concept never violate both types of SoD rules in the hierarchy manner. These challenges have been successfully verified on the hierarchy policy model (HPol). These features give the HPol model more advantages supporting complex polices on non-hierarchy and hierarchy structure.