Factoring high level information flow specifications into low level access controls

Fourth IEEE International Workshop on Information Assurance (IWIA'06) Pub Date : 2006-04-13 DOI:10.1109/IWIA.2006.8

Kevin Kahley, M. Radhakrishnan, Jon A. Solworth

{"title":"Factoring high level information flow specifications into low level access controls","authors":"Kevin Kahley, M. Radhakrishnan, Jon A. Solworth","doi":"10.1109/IWIA.2006.8","DOIUrl":null,"url":null,"abstract":"Low level access controls must provide efficient mechanisms for allowing or denying operations and hence are typically based on the access matrix. However, when combining the goals of efficiency along with the support for least privilege and higher level authorization properties (such as information flow confidentiality), the resulting access controls become tedious to encode. Compositional high level specifications can be much more succinct. When combined with administrative controls, they can be robust in changing what is authorized in a controlled manner. Such specifications offer the promise of being easier to configure and understand, and in fact can be automatically analyzed for authorization properties. However, there remains the issue of how to generate the low level access control configuration from the high level specification. In this paper, we describe a factoring algorithm to algorithmically translate a high level specification of information flow authorization properties into low level access controls. In addition, several optimizations are given which dramatically reduce the size of the access control configuration generated","PeriodicalId":156960,"journal":{"name":"Fourth IEEE International Workshop on Information Assurance (IWIA'06)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Fourth IEEE International Workshop on Information Assurance (IWIA'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIA.2006.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Low level access controls must provide efficient mechanisms for allowing or denying operations and hence are typically based on the access matrix. However, when combining the goals of efficiency along with the support for least privilege and higher level authorization properties (such as information flow confidentiality), the resulting access controls become tedious to encode. Compositional high level specifications can be much more succinct. When combined with administrative controls, they can be robust in changing what is authorized in a controlled manner. Such specifications offer the promise of being easier to configure and understand, and in fact can be automatically analyzed for authorization properties. However, there remains the issue of how to generate the low level access control configuration from the high level specification. In this paper, we describe a factoring algorithm to algorithmically translate a high level specification of information flow authorization properties into low level access controls. In addition, several optimizations are given which dramatically reduce the size of the access control configuration generated

查看原文本刊更多论文

将高级信息流规范分解为低级访问控制

低级访问控制必须提供允许或拒绝操作的有效机制，因此通常基于访问矩阵。但是，当将效率目标与对最低权限和更高级别授权属性(如信息流机密性)的支持结合在一起时，生成的访问控制编码将变得繁琐。组合高级规范可以更加简洁。当与管理控制结合使用时，它们可以健壮地以受控的方式更改授权内容。这样的规范承诺更容易配置和理解，实际上可以自动分析授权属性。然而，如何从高层规范生成低层访问控制配置的问题仍然存在。在本文中，我们描述了一种分解算法，以算法方式将信息流授权属性的高级规范转换为低级访问控制。此外，给出了几个优化，这些优化大大减少了生成的访问控制配置的大小

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Fourth IEEE International Workshop on Information Assurance (IWIA'06)

自引率

0.00%

发文量