{"title":"Poster: Attribute Based Access Control for IoT Devices in 5G Networks","authors":"Sascha Kaven, Volker Skwarek","doi":"10.1145/3589608.3595081","DOIUrl":"https://doi.org/10.1145/3589608.3595081","url":null,"abstract":"The deployment of 5G technology has the potential to usher in a new era for the internet of things (IoT). The introduction of new use cases, such as massive machine-type communications (mMTC), referring to a large number of IoT devices, results in the increasing importance of 5G as the basic communication infrastructure for IoT. However, the increasing connectivity of IoT devices coincides with a number of risks to security. Many IoT sensors have limited resources and, therefore, cannot perform the complex security measures required to protect them from attacks and data loss. Furthermore, IoT networks are very scattered, distributed and dynamic, so decentralised security measures are required. To address these challenges, this poster proposes the integration of attribute-based access control (ABAC) into the 5G service-based architecture. This approach aims to prevent unauthorized access to IoT devices at the network level, thereby alleviating the computational burden on resource-constrained IoT devices. 
By implementing ABAC, the proposed solution offers a more efficient method for managing access control within the IoT landscape in the context of 5G networks.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127472324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Specifying a Usage Control System","authors":"Ulrich Schöpp, Chuangjie Xu, Amjad Ibrahim, Fathiyeh Faghih, T. Dimitrakos","doi":"10.1145/3589608.3593843","DOIUrl":"https://doi.org/10.1145/3589608.3593843","url":null,"abstract":"Modern system architectures require sophisticated access and usage control mechanisms. The need stems from demanding requirements for security, data sovereignty and privacy regulations, as well as the challenges presented by architectural approaches like zero trust networking. Usage control systems provide one approach to encapsulate and manage the complexities related to access and usage control. In order to trust a usage control system, it is essential to ensure that usage control policies express the intended properties and are enforced correctly. To achieve this, we need a precise specification of the intended behavior of a usage control system. For attribute-based access control, the XACML standard is a sufficient specification of the behavior of policies. Usage control models, such as UCON, extend access control with features for continuous authorization based on mutability of attribute values. This adds significant complexity to the problem of specifying the intended behavior. In this paper, we identify challenges with specifying a practical usage control system regarding continuous control, obligations, and concurrency aspects. We describe an approach to specifying the UCON+ model of Dimitrakos et al. 
and outline an implementation of the specification with Answer Set Programming.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122335816","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Hardness of Learning Access Control Policies","authors":"Xiaomeng Lei, Mahesh V. Tripunitara","doi":"10.1145/3589608.3593840","DOIUrl":"https://doi.org/10.1145/3589608.3593840","url":null,"abstract":"The problem of learning access control policies is receiving increasing attention in research. We contribute to the foundations of this problem by posing and addressing meaningful questions on computational hardness. Our work addresses learning access control policies in the context of three different models from the literature: the access matrix, and Role- and Relationship-Based Access Control (RBAC and ReBAC, respectively). Our underlying theory is the well-established notion of Probably Approximately Correct (PAC), with careful extensions for our setting. The data, or examples, a learning algorithm is provided in our setup is that related to access enforcement, which is the process by which a request for access to a resource is decided. For the access matrix, we pose a learning problem that turns out to be computationally easy, and another that we prove is computationally hard. We generalize the former result so we have a sufficient condition for establishing other problems to be computationally easy. With these results as the basis, we consider five learning problems in the context of RBAC, two of which turn out to be computationally hard. Finally, we consider four learning problems in the context of ReBAC, all of which turn out to be computationally easy. Every proof for a problem that is computationally easy is constructive, in that we propose a learning algorithm for the problem that is efficient, and probably, approximately correct. 
As such, our work makes contributions at the foundations of an important, emerging aspect of access control, and thereby, information security.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"150 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114517432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data Sharing in Social Networks","authors":"Clara Bertolissi, A. Martinez Anton, Nicola Zannone","doi":"10.1145/3589608.3593833","DOIUrl":"https://doi.org/10.1145/3589608.3593833","url":null,"abstract":"In the context of multi-user cooperative systems and, in particular, in social networks, personal data is uploaded to user profiles and shared with other users. These data are often jointly owned and associated with different degrees of sensitivity according to the users. Controlling access to such multi-owner data, under the authority of different users, is challenging. Traditional access control policies are not expressive enough to determine whether a data disclosure meets the privacy expectations of the different involved parties. In this work, we propose a fine-grained access control model for multi-user cooperative systems and apply it to the context of social networks. We consider compound objects and extend attribute-based access control with provenance information to specify additional access control constraints. We also present a prototype implementation and provide an experimental evaluation to demonstrate the feasibility of the proposed model.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"10 5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129128034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Expressive Authorization Policies using Computation Principals","authors":"Anitha Gollamudi, Stephen Chong","doi":"10.1145/3589608.3593834","DOIUrl":"https://doi.org/10.1145/3589608.3593834","url":null,"abstract":"In authorization logics, it is natural to treat computations as principals, since systems need to decide how much authority to give computations when they execute. But unlike other kinds of principals, the authority that we want to give to computations might be based on properties of the computation itself, such as whether the computation is differentially private, or whether the computation is memory safe. Existing authorization logics do not treat computation principals specially. Instead, they identify computation principals using a brittle hash-based naming scheme: minor changes to the code produce a distinct principal, even if the new computation is equivalent to the original one. Moreover, existing authorization logics typically treat computation principals as \"black boxes,\" leaving any reasoning about the structure, semantics, or other properties of the computation out of the logic. We introduce Coal, a novel programming-language calculus that embeds an authorization logic in its type system via the Curry-Howard isomorphism. A key innovation of Coal is computation principals: computations that can be treated like other principals but also allow reasoning about the computation itself. Critically, Coal allows equivalent computations to be treated as equivalent principals, avoiding the brittleness of identity-based approaches to computation principals. 
Coal enables us to cleanly express fine-grained access control policies that are dependent on the structure and semantics of computations, such as expressing trust in all computations that are analyzed to be differentially private by any program analyzer that has been verified correct.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"142 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133891510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Category-Based Approach to Access Control, Obligations and Privacy","authors":"M. Fernández","doi":"10.1145/3589608.3593814","DOIUrl":"https://doi.org/10.1145/3589608.3593814","url":null,"abstract":"The category-based access control metamodel provides an axiomatic framework for the specification of access control models. In this talk, we give an overview of the category-based approach to access control, obligation and privacy policy specification.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130057200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Poster: APETEEt -- Secure Enforcement of ABAC Policies using Trusted Execution Environment","authors":"Pritkumar Godhani, Rahul Bharadhwaj, S. Sural","doi":"10.1145/3589608.3595079","DOIUrl":"https://doi.org/10.1145/3589608.3595079","url":null,"abstract":"We introduce a novel framework for efficient enforcement of Attribute-Based Access Control (ABAC) policies using trusted execution environment. An ABAC policy is represented in the form of a height-balanced tree constructed and deployed in the trusted enclave. Both the policy and its enforcement are thus protected against intentional or accidental changes. The modular design of our framework enables any application to use its APIs for building secure ABAC systems. Our initial experiments show promising results.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134117842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Framework for Privacy-Preserving White-Box Anomaly Detection using a Lattice-Based Access Control","authors":"Cristoffer Leite, J. den Hartog, Paul Koster","doi":"10.1145/3589608.3593831","DOIUrl":"https://doi.org/10.1145/3589608.3593831","url":null,"abstract":"Privacy concerns are amongst the core issues that will constrain the adoption of distributed anomaly detection. Indeed, when outsourcing anomaly detection, i.e. with a party other than the data owner running the detection, confidential or private aspects of the observed data may need protection. Some privacy-enhancing function is usually employed. Because of the impact that this restriction causes in the creation of explainable alerts, finding mechanisms to balance the trade-off between privacy and usefulness has become increasingly important. Due to this motivation, in this paper, a privacy-preserving white-box anomaly detection framework is presented to facilitate matching the compatibility between service requirements and privacy restrictions of a user by using an access control based on a lattice of privacy protection levels. Our framework allows entities to verify these trade-offs by specifying required protection at the level of features. We evaluate the framework in a real-world scenario within the e-health setting. 
The results point out that it can generate interpretable alerts while protecting the confidentiality of the data.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"16 11","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132974670","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy","authors":"I. Anjum, Jessica Sokal, Hafiza Ramzah Rehman, Ben Weintraub, Ethan Leba, W. Enck, C. Nita-Rotaru, Bradley Reaves","doi":"10.1145/3589608.3593836","DOIUrl":"https://doi.org/10.1145/3589608.3593836","url":null,"abstract":"Commercially-available software defined networking (SDN) technologies will play an important role in protecting the on-premises resources that remain as enterprises transition to zero trust architectures. However, existing solutions assume the entire network resides in a single geographic location, requiring organizations with multiple sites to manually ensure consistency of security policy across all sites. In this paper, we present MSNetViews, which extends a single, globally-defined and managed, enterprise network security policy to many geographically distributed sites. Each site operates independently and enforces a site-specific policy slice that is dynamically parameterized with user location as employees roam between sites. We build a prototype of MSNetViews and show that for an enterprise with globally distributed sites, the average time for policy state to settle after a user roams to a new site is well below two seconds. 
As such, we demonstrate that multisite organizations can efficiently protect their on-premises network-attached devices via a single global perspective.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114358165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"WebSheets: A New Privacy-Centric Framework for Web Applications","authors":"S. Stoller","doi":"10.1145/3589608.3593816","DOIUrl":"https://doi.org/10.1145/3589608.3593816","url":null,"abstract":"Spreadsheets are enormously popular because they enable non-programmers to create applications that manipulate tabular data. The core functionality of many web applications is to display and manipulate tabular data, typically stored in databases. These observations inspired the design of WebSheets, a no-code/low-code web application development framework that provides novel support for security and privacy. The key innovation of WebSheets is that fine-grained, data-driven security policies, as well as application logic, are expressed in the spreadsheet paradigm. This empowers data owners, who are often non-programmers, to directly implement their desired security policies. Each data table in WebSheets is paired with a permission table, which is editable only by the data table's owner. Formulas in a permission table define who can read and write cells in the associated data table. These formulas can easily express role-based, attribute-based and relationship-based access control policies as well as delegation. WebSheets guarantees that these policies are enforced during the entire lifetime of every data item, as it flows through calculations within an application and even when it is passed between applications. While providing global privacy guarantees similar to information flow control systems, WebSheets enables end users to work with the more familiar access control policies. Any user wishing to safeguard their data should store them in tables they own, thereby requiring all web applications to access their data by referencing their tables. This ensures that all applications will respect their access policies in the associated permission tables. 
By automatically filtering out inaccessible rows and columns, WebSheets presents user-customized views that are the key feature of many web applications. Additional key features of WebSheets include: secure and scalable distributed evaluation techniques that confine WebSheets computations using OS-based access control and sandboxing mechanisms to enforce the principle of least privilege; secure integration with external systems, including web servers, databases, web browsers, user interfaces, and external modules. The benefits of distributed, least-privilege evaluation extend to modules written in any language; policy analysis, including novel techniques to help users understand policies and debug policy errors, and to improve policies over time, either to correct problems or respond to changes in use; and expressive formula language that features first-class tables, seamless integration of access control and input validation, and support for declassification. Web application vulnerabilities have been the dominant cause of data breaches in recent years. As defenses against lower-level vulnerabilities have come to be widely deployed, attackers are targeting higher-level errors. WebSheets addresses the following three common types of higher-level errors. Omitted or incorrectly coded security policies. Key","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"196 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115482254","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}