Security Analysis in Role-Based Access Control, 2005
Cited by 70 (11 self)
The administration of large Role-Based Access Control (RBAC) systems is a challenging problem. In order to administer such systems, decentralization of administration tasks by the use of delegation is an effective approach. While the use of delegation greatly enhances flexibility and scalability, it may reduce the control that an organization has over its resources, thereby diminishing a major advantage RBAC has over Discretionary Access Control (DAC). We propose to use security analysis techniques to maintain desirable security properties while delegating administrative privileges. We give a precise definition of a family of security analysis problems in RBAC, which is more general than safety analysis that is studied in the literature. We show that two classes of problems in the family can be reduced to similar analysis in the RT[↞, ∩] role-based trust-management language, thereby establishing an interesting relationship between RBAC and the RT framework. The reduction gives efficient algorithms for answering most kinds of queries in these two classes and establishes the complexity bounds for the intractable cases.
A Theory for Comparing the Expressive Power of Access Control Models, 2004
Cited by 13 (1 self)
Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. While such comparisons are generally based on simulations between different access control schemes, the definitions for simulations that are used in the literature are informal, and make it impossible to put results and claims about the expressive power of access control models into a single context. Furthermore, some definitions for simulations used in the literature, such as those used for comparing RBAC (Role-Based Access Control) with other models, are too weak to distinguish access control models from one another in a meaningful way. We propose a theory for comparing the expressive power of access control models. We perceive access control systems as state-transition systems and require simulations to preserve security properties. We discuss the rationale behind such a theory, apply the theory to reexamine some existing work on the expressive power of access control models in the literature, and present four results. We show that: (1) the well-known HRU scheme is limited in its expressive power when compared to a rather simple trust-management scheme, thereby formally establishing a conjecture from the literature; (2) RBAC with a particular administrative scheme from the literature (ARBAC97) is limited in its expressive power, countering claims in the literature that RBAC is more expressive than DAC (Discretionary Access Control) schemes; (3) the ability to check for the absence of rights (in addition to the presence of rights) causes ATAM (Augmented Typed Access Matrix) to be more expressive than TAM (Typed Access Matrix); and (4) a trust-management scheme is at least as expressive as RBAC with a particular administrative scheme (the URA97 component of ARBAC97).
A Secure Software Architecture Description Language. In Workshop on Software Security Assurance Tools, Techniques, and Metrics, 2005
Cited by 11 (1 self)
Security is becoming a more and more important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment of an important security aspect, access control, at the architecture level. Our approach models the security subject, resource, privilege, safeguard, and policy of architectural constituents. The modeling language, Secure xADL, is based on our existing modular and extensible architecture description language. Our modeling is centered around software connectors, which provide a suitable vehicle to model, capture, and enforce access control. Combined with security contracts of components, connectors facilitate describing the security characteristics of software architecture, generating enabling infrastructure, and monitoring run-time conformance. This paper presents the design of the language and initial results of applying this approach. This research contributes to deeper and more comprehensive modeling of architectural security, and facilitates detecting architectural vulnerabilities and assuring correct access control at an early design stage.
A layered approach to simplified access control in virtualized systems. Operating Systems Review, 2007
Cited by 11 (1 self)
In this work, we show how the abstraction layer created by a hypervisor, or virtual machine monitor, can be leveraged to reduce the complexity of mandatory access control policies throughout the system. Policies governing access control decisions in today’s systems are complex and monolithic. Achieving strong security guarantees often means restricting usability across the entire system, which is a primary reason why mandatory access controls are rarely deployed. Our architecture uses a hypervisor and multiple virtual machines to decompose policies into multiple layers. This simplifies the policies and their enforcement, while minimizing the overall impact of security on the system. We show that the overhead of decomposing system policies into distinct policies for each layer can be negligible. Our initial implementation confirms that such layering leads to simpler security policies and enforcement mechanisms as well as a more robust layered trusted computing base. We hope that this work serves to start a dialog regarding the use of mandatory access controls within a hypervisor for both increasing security and improving manageability.
Contrôler le contrôle d’accès : Approches formelles. In Approches Formelles dans l’Assistance au Développement de Logiciels, AFADL’07
Cited by 2 (2 self)
Abstract. One aspect of computer security concerns the control of access to a system’s data, for which different security policies can be put into practice. However, there is no point in establishing a security policy to manage a system if the programs responsible for ensuring that this policy operates correctly are not reliable. Failing to provide strong guarantees of the correctness of such programs would amount to building a fortress with a paper door. This article gives an informal account of various experiments in obtaining formal developments of access control policies. These developments lead us to introduce a “semantic framework” in which it is possible to specify, implement and compare access control policies.
A lattice interpretation of group-centric collaboration with expedient insiders. In Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2012 8th International Conference on, 2012
Cited by 2 (2 self)
Abstract—For various reasons organizations need to collaborate with external consultants, e.g. domain specialists, on specific projects. Many security-oriented organizations deploy multi-level systems which enforce one-directional information flow in a lattice of security labels. However, traditional lattice constructions are not suitable for accommodating external consultants, since such consultants are not “true insiders” but rather “expedient insiders” who should receive much more limited privileges than employees. An authorization model for group-centric collaboration with expedient insiders (GEI) has been recently proposed, wherein organizations create groups and replicate the organizational lattice with selected content for such collaborations [4]. Motivated by GEI, in this paper we formulate a novel lattice construction wherein a new collaboration category is introduced for each new collaboration group, in a manner significantly different from the usual process of defining new security categories in a lattice. In particular, a collaboration category brings together only the required objects and users. We develop a formal model for lattices with collaborative compartments (LCC) comprising administrative and operational parts covering the life-cycle of such collaborations. We formally prove the equivalence of LCC and GEI, thereby precisely characterizing the information flow and security properties of GEI, which heretofore had only been informally considered. This equivalence shows that GEI can be realized via LBAC with minimal operational disruptions.
Equivalence of Group-Centric Collaboration with Expedient Insiders (GEI) and LBAC with Collaborative Compartments (LCC)
Cited by 1 (1 self)
Equivalence of access control models can be proved by comparing their expressive power. Tripunitara and Li [3] have given a generalized theoretical formulation for comparing the expressive power of access control models via simulations that preserve security properties, which are called state-matching reductions. This report gives a formal proof of a state-matching reduction from Group-Centric Collaboration with Expedient Insiders (GEI) [1] to LBAC with Collaborative Compartments (LCC), a model defined in this report, and vice versa. So GEI and LCC are equivalent in their expressive power as per [3].
Access Control Taxonomy for Social Networks
Cited by 1 (1 self)
Abstract—Social networks are online platforms where users form relationships with others by sharing resources. Access control for these social networks is different from other systems as it fulfills the social requirements of the community as well as the technical requirements of the system. This paper presents a classification of access control models for social networks based on a lattice taxonomy where axes represent the properties of the models. The proposed taxonomy has eight axes representing: requestor identity, mapping authority, resource control, relationship management, credential distribution, access control decisions, rights delegation and transparency. Analysis of existing models using this taxonomy highlights the tradeoffs between user control, state distribution and social needs. The taxonomy reveals that various interesting features of social networks have not been implemented yet and there is a gap between the social requirements and access control features of social networks. Keywords: Access Control; Social networks; Taxonomy.