Conflict Detection and Resolution in Access Control Policy Specifications