Hybrid authorizations and conflict resolution

Numerous authorization models have been proposed in recent years. While some models support either positive or negative authorizations, hybrid models take advantage of both authorizations simultaneously. However, resolving authorization conflicts is quite a challenge in such models due to the existence of sophisticated hierarchies and diversity of types of resolution strategies. There are works that have addressed conflict resolution for tree-structured subject hierarchies. Yet, no widespread framework has been proposed for graph-based structures. A widespread resolution framework ought to provide several resolution strategies and to support sophisticated structures. Our attempt is to define such a framework. In particular, our framework resolves conflicts for subject hierarchies that form directed acyclic graphs. It also unites major resolution policies in a novel way by which thirty-two combined strategies are simultaneously expressed. We also provide parametric algorithms to support the strategies and to justify the framework with our analysis and experiments.