A framework for verification and optimal reconfiguration of event-driven role based access control policies
Basit Shafiq, Jaideep Vaidya, A. Ghafoor, E. Bertino
Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 197-208, published 2012-06-20
DOI: 10.1145/2295136.2295172 (https://doi.org/10.1145/2295136.2295172)
Citations: 12
Abstract
Role based access control (RBAC) is the de facto model used for advanced access control due to its inherent richness and flexibility. Despite its great success at modeling a variety of organizational needs, maintaining large complex policies is a challenging problem. Conflicts within policies can expose the underlying system to numerous vulnerabilities and security risks. Therefore, more comprehensive verification tools for RBAC need to be developed to enable effective access control. In this paper, we propose a verification framework for detection and resolution of inconsistencies and conflicts in policies modeled through event-driven RBAC, an important subset of generalized temporal RBAC applicable to many domains, such as SCADA systems. We define the conflict resolution problem and propose an integer programming based heuristic. The proposed approach is generic and can be tuned to a variety of optimality measures.
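To make the kind of inconsistency the abstract talks about concrete, the following is an added illustration written for this page; it is not the paper's framework or code. It assumes a deliberately small model of event-driven RBAC: a policy is a list of triggers of the form "event -> enable/disable role" plus a set of static separation-of-duty (SoD) role pairs, and an event sequence is replayed from an empty state. Two conflict kinds are flagged: one event both enabling and disabling the same role (the outcome then depends on evaluation order), and an event leaving an SoD pair enabled together. The "reconfiguration" step is a brute-force search for the cheapest set of triggers to drop; it stands in for, and is not, the paper's integer programming heuristic. The SCADA-style sample policy, the role and event names and the removal costs are all constructed for the example.

```python
"""Toy event-driven RBAC conflict detector and brute-force reconfiguration.

Added illustration for this page; NOT the paper's framework or code.  The
policy model, the sample policy and the per-trigger removal costs are all
assumed for the example.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Trigger:
    event: str   # name of the event that fires the trigger
    action: str  # "enable" or "disable"
    role: str    # role whose enabling status changes
    cost: int    # assumed cost of dropping this trigger during reconfiguration


def fire(enabled, event, triggers, sod):
    """Apply every trigger bound to `event`; return (new_enabled, conflicts).

    Conflicts reported:
      * "enable/disable clash": the same event enables and disables one role;
      * "sod violation": the resulting enabled set contains an SoD pair.
    In the toy model a disable wins over an enable for the same event, but
    the clash is still reported because the policy itself is ambiguous.
    """
    fired = [t for t in triggers if t.event == event]
    conflicts = []
    enabled_roles = {t.role for t in fired if t.action == "enable"}
    disabled_roles = {t.role for t in fired if t.action == "disable"}
    for role in sorted(enabled_roles & disabled_roles):
        conflicts.append(("enable/disable clash", event, role))
    new = (set(enabled) | enabled_roles) - disabled_roles
    for pair in sod:
        if pair <= new:
            conflicts.append(("sod violation", event, tuple(sorted(pair))))
    return new, conflicts


def check(triggers, sod, events):
    """Replay an event sequence from an empty state; return every conflict found."""
    enabled, found = set(), []
    for ev in events:
        enabled, conflicts = fire(enabled, ev, triggers, sod)
        found.extend(conflicts)
    return found


def cheapest_fix(triggers, sod, events):
    """Exhaustively find the cheapest trigger set whose removal makes the
    sequence conflict-free.  Exponential in the number of triggers, so it is
    only a stand-in for a real optimisation method on toy policies."""
    best, best_cost = None, None
    for k in range(len(triggers) + 1):
        for removed in combinations(triggers, k):
            cost = sum(t.cost for t in removed)
            if best_cost is not None and cost >= best_cost:
                continue  # cannot beat the current best
            kept = [t for t in triggers if t not in removed]
            if not check(kept, sod, events):
                best, best_cost = set(removed), cost
    return best, best_cost


# Constructed sample: a small SCADA-style policy.  "operator" and
# "maintenance" may never be enabled at the same time.
SAMPLE_TRIGGERS = [
    Trigger("shift_start", "enable", "operator", cost=10),
    Trigger("alarm", "enable", "maintenance", cost=3),  # operator is still enabled here
    Trigger("reboot", "enable", "engineer", cost=1),    # clashes with the next trigger
    Trigger("reboot", "disable", "engineer", cost=1),
    Trigger("shift_end", "disable", "operator", cost=5),
    Trigger("shift_end", "disable", "maintenance", cost=5),
]
SAMPLE_SOD = {frozenset({"operator", "maintenance"})}
SAMPLE_EVENTS = ["shift_start", "alarm", "reboot", "shift_end"]

if __name__ == "__main__":
    for c in check(SAMPLE_TRIGGERS, SAMPLE_SOD, SAMPLE_EVENTS):
        print("conflict:", c)
    removed, cost = cheapest_fix(SAMPLE_TRIGGERS, SAMPLE_SOD, SAMPLE_EVENTS)
    print("cheapest fix (cost %d): drop %s"
          % (cost, sorted((t.event, t.action, t.role) for t in removed)))
```

On the sample policy the replay reports an SoD violation at "alarm", and at "reboot" both the enable/disable clash and the SoD violation that persists from the previous event; the cheapest repair drops the alarm trigger and one of the two reboot triggers. The cost field is where an optimality measure plugs in: changing the costs changes which repair wins, which is the "tunable" aspect the abstract describes, here realised by exhaustive search rather than integer programming.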