Using the decision support algorithms combining different security policies

Abstract: During the development of the security subsystem of modern information systems, a problem of the joint implementation of several access control models arises quite often. Traditionally, a request for the user's access to resources is granted in case of simultaneous access permission by all active security policies. When there is a conflict between the decisions of the security policies, the issue of granting access remains open. The proposed method of combining multiple security policies is based on the decision support algorithms and provides a response to the access request, even in case of various decisions of active security policies. To construct combining algorithm we determine a number of weight coefficients, use a weighted sum of the clearance levels of individual security policies and apply the analytic hierarchy process. The weight coefficients are adjustable parameters of the algorithm and allow administrator to manage the impact of the various security rules flexibly.