发布求助
文献互助 智能选刊 最新文献

Proceedings of the 20th ACM Symposium on Access Control Models and Technologies最新文献

筛选
英文 中文
Mohawk+T: Efficient Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) Policies Mohawk+T:基于角色的访问控制(ATRBAC)策略的有效分析
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752966
Jonathan Shahen, Jianwei Niu, Mahesh V. Tripunitara
{"title":"Mohawk+T: Efficient Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) Policies","authors":"Jonathan Shahen, Jianwei Niu, Mahesh V. Tripunitara","doi":"10.1145/2752952.2752966","DOIUrl":"https://doi.org/10.1145/2752952.2752966","url":null,"abstract":"Safety analysis is recognized as a fundamental problem in access control. It has been studied for various access control schemes in the literature. Recent work has proposed an administrative model for Temporal Role-Based Access Control (TRBAC) policies called Administrative TRBAC (ATRBAC). We address ATRBAC-safety. We first identify that the problem is PSPACE-Complete. This is a much tighter identification of the computational complexity of the problem than prior work, which shows only that the problem is decidable. With this result as the basis, we propose an approach that leverages an existing open-source software tool called Mohawk to address ATRBAC-safety. Our approach is to efficiently reduce ATRBAC-safety to ARBAC-safety, and then use Mohawk. We have conducted a thorough empirical assessment. In the course of our assessment, we came up with a \"reduction toolkit,\" which allows us to reduce Mohawk+T input instances to instances that existing tools support. Our results suggest that there are some input classes for which Mohawk+T outperforms existing tools, and others for which existing tools outperform Mohawk+T. The source code for Mohawk+T is available for public download.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128004562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Post-Snowden Threat Models 后斯诺登威胁模型
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752978
B. Preneel
{"title":"Post-Snowden Threat Models","authors":"B. Preneel","doi":"10.1145/2752952.2752978","DOIUrl":"https://doi.org/10.1145/2752952.2752978","url":null,"abstract":"In June 2013 Edward Snowden leaked a large collection of documents that describe the capabilities and technologies of the NSA and its allies. Even to security experts the scale, nature and impact of some of the techniques revealed was surprising. A major consequence is the increased awareness of the public at large of the existence of highly intrusive mass surveillance techniques. There has also been some impact in the business world, including a growing interest in companies that (claim to) develop end-to-end secure solutions. There is no doubt that large nation states and organized crime have carefully studied the techniques and are exploring which ones they can use for their own benefit. But after two years, there is little progress in legal or governance measures to address some of the excesses by increasing accountability. Moreover, the security research community seems to have been slow to respond to the new threat landscape. In this lecture we analyze these threats and speculate how they could be countered.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117285401","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling 通过约束驱动的虚拟资源调度降低IaaS云中的多租户风险
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752964
K. Bijon, R. Krishnan, R. Sandhu
{"title":"Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling","authors":"K. Bijon, R. Krishnan, R. Sandhu","doi":"10.1145/2752952.2752964","DOIUrl":"https://doi.org/10.1145/2752952.2752964","url":null,"abstract":"A major concern in the adoption of cloud infrastructure-as-a-service (IaaS) arises from multi-tenancy, where multiple tenants share the underlying physical infrastructure operated by a cloud service provider. A tenant could be an enterprise in the context of a public cloud or a department within an enterprise in the context of a private cloud. Enabled by virtualization technology, the service provider is able to minimize cost by providing virtualized hardware resources such as virtual machines, virtual storage and virtual networks, as a service to multiple tenants where, for instance, a tenant's virtual machine may be hosted in the same physical server as that of many other tenants. It is well-known that separation of execution environment provided by the hypervisors that enable virtualization technology has many limitations. In addition to inadvertent misconfigurations, a number of attacks have been demonstrated that allow unauthorized information flow between virtual machines hosted by a hypervisor on a given physical server. In this paper, we present attribute-based constraints specification and enforcement as a mechanism to mitigate such multi-tenancy risks that arise in cloud IaaS. We represent relevant properties of virtual resources (e.g., virtual machines, virtual networks, etc.) as their attributes. Conflicting attribute values are specified by the tenant or by the cloud IaaS system as appropriate. The goal is to schedule virtual resources on physical resources in a conflict-free manner. The general problem is shown to be NP-complete. We explore practical conflict specifications that can be efficiently enforced. We have implemented a prototype for virtual machine scheduling in OpenStack, a widely-used open-source cloud IaaS software, and evaluated its performance overhead, resource requirements to satisfy conflicts, and resource utilization.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123345291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Privacy and Access Control: How are These Two concepts Related? 隐私和访问控制:这两个概念是如何关联的?
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752980
A. Squicciarini, Ting Yu
{"title":"Privacy and Access Control: How are These Two concepts Related?","authors":"A. Squicciarini, Ting Yu","doi":"10.1145/2752952.2752980","DOIUrl":"https://doi.org/10.1145/2752952.2752980","url":null,"abstract":"Privacy issues are increasingly becoming important for many domains and applications. Many of such issues arise from the constant streaming of personal and sensitive data made available from lay users online, and also from the emerging widespread of highly ubiquitous and content-rich, personalized applications. Further, strong regulatory frameworks are now in place to ensure that users’ data is properly managed and protected. For instance, the responsible management of sensitive data is explicitly being mandated through laws such as the Sarbanes-Oaxley Act and the Health Insurance Portability and Accountability Act (HIPAA). Accordingly, data and user privacy have received substantial research attention over the past years. Several technical challenges have been tackled, including how to balance utility with the need to preserve privacy of individual data, and how to protect data from unwanted and unauthorized parties [5, 1, 6, 2]. In parallel, in response to several privacy outcries, many companies and organizations involved with users’ data collection and management (particularly online) have also made an effort toward introducing stronger privacy and access control solutions. Yet these efforts have been shown to be inadequate or insufficient [7]. Among the various methods and mechanisms to ensure users’ privacy, access control techniques are a well-established building block to protect users’ data. Historically, the mechanism for access control was considered only a support provided by database systems for sensitive structured data. Such a model of authorization is intuitive to application developers and users of the database system, but it only","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115758953","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Hard Instances for Verification Problems in Access Control 访问控制中验证问题的硬实例
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752959
Nima Mousavi, Mahesh V. Tripunitara
{"title":"Hard Instances for Verification Problems in Access Control","authors":"Nima Mousavi, Mahesh V. Tripunitara","doi":"10.1145/2752952.2752959","DOIUrl":"https://doi.org/10.1145/2752952.2752959","url":null,"abstract":"We address the generation and analysis of hard instances for verification problems in access control that are NP-hard. Given the customary assumption that P ≠ NP, we know that such classes exist. We focus on a particular problem, the user-authorization query problem (UAQ) in Role-Based Access Control (RBAC). We show how to systematically generate hard instances for it. We then analyze what we call the structure of those hard instances. Our work brings the important aspect of systematic investigation of hard input classes to access control research.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114326708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Federated Access Management for Collaborative Network Environments: Framework and Case Study 协作网络环境的联邦访问管理:框架和案例研究
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752977
Carlos E. Rubio-Medrano, Ziming Zhao, Adam Doupé, Gail-Joon Ahn
{"title":"Federated Access Management for Collaborative Network Environments: Framework and Case Study","authors":"Carlos E. Rubio-Medrano, Ziming Zhao, Adam Doupé, Gail-Joon Ahn","doi":"10.1145/2752952.2752977","DOIUrl":"https://doi.org/10.1145/2752952.2752977","url":null,"abstract":"With the advent of various collaborative sharing mechanisms such as Grids, P2P and Clouds, organizations including private and public sectors have recognized the benefits of being involved in inter-organizational, multi-disciplinary, and collaborative projects that may require diverse resources to be shared among participants. In particular, an environment that often makes use of a group of high-performance network facilities would involve large-scale collaborative projects and tremendously seek a robust and flexible access control for allowing collaborators to leverage and consume resources, e.g., computing power and bandwidth. In this paper, we propose a federated access management scheme that leverages the notion of attributes. Our approach allows resource-sharing organizations to provide distributed provisioning (publication, location, communication, and evaluation) of both attributes and policies for federated access management purposes. Also, we provide a proof-of-concept implementation that leverages distributed hash tables (DHT) to traverse chains of attributes and effectively handle the federated access management requirements devised for inter-organizational resource sharing and collaborations.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130310549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Mitigating Access Control Vulnerabilities through Interactive Static Analysis 通过交互式静态分析减少访问控制漏洞
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752976
Jun Zhu, Bill Chu, H. Lipford, Tyler Thomas
{"title":"Mitigating Access Control Vulnerabilities through Interactive Static Analysis","authors":"Jun Zhu, Bill Chu, H. Lipford, Tyler Thomas","doi":"10.1145/2752952.2752976","DOIUrl":"https://doi.org/10.1145/2752952.2752976","url":null,"abstract":"Access control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114594746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
A Prototype to Reduce the Amount of Accessible Information 减少可访问信息数量的原型
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752953
Rainer Fischer
{"title":"A Prototype to Reduce the Amount of Accessible Information","authors":"Rainer Fischer","doi":"10.1145/2752952.2752953","DOIUrl":"https://doi.org/10.1145/2752952.2752953","url":null,"abstract":"Authorized insiders downloading mass data via their user interface are still a problem. In this paper a prototype to prevent mass data extractions is proposed. Access control models efficiently protect security objects but fail to define subsets of data which are narrow enough to be harmless if downloaded. Instead of controlling access to security objects the prototype limits the amount of accessible information. A heuristic approach to measures the amount of information is used. The paper describes the implementation of the prototype which is an extension of an SAP system as an example for a large enterprise information system.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126023757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Initial Encryption of large Searchable Data Sets using Hadoop 使用Hadoop对大型可搜索数据集进行初始加密
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752960
Feng Wang, Mathias Kohler, A. Schaad
{"title":"Initial Encryption of large Searchable Data Sets using Hadoop","authors":"Feng Wang, Mathias Kohler, A. Schaad","doi":"10.1145/2752952.2752960","DOIUrl":"https://doi.org/10.1145/2752952.2752960","url":null,"abstract":"With the introduction and the widely use of external hosted infrastructures, secure storage of sensitive data becomes more and more important. There are systems available to store and query encrypted data in a database, but not all applications may start with empty tables rather than having sets of legacy data. Hence, there is a need to transform existing plaintext databases to encrypted form. Usually existing enterprise databases may contain terabytes of data. A single machine would require many months for the initial encryption of a large data set. We propose encrypting data in parallel using a Hadoop cluster which is a simple five step process including the Hadoop set up, target preparation, source data import, encrypting the data, and finally exporting it to the target. We evaluated our solution on real world data and report on performance and data consumption. The results show that encrypting data in parallel can be done in a very scalable manner. Using a parallelized encryption cluster compared to a single server machine reduces the encryption time from months down to days or even hours.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134070028","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Automated Inference of Access Control Policies for Web Applications Web应用访问控制策略的自动推理
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies Pub Date : 2015-06-01 DOI: 10.1145/2752952.2752969
H. Le, Duy Cu Nguyen, L. Briand, Benjamin Hourte
{"title":"Automated Inference of Access Control Policies for Web Applications","authors":"H. Le, Duy Cu Nguyen, L. Briand, Benjamin Hourte","doi":"10.1145/2752952.2752969","DOIUrl":"https://doi.org/10.1145/2752952.2752969","url":null,"abstract":"In this paper, we present a novel, semi-automated approach to infer access control policies automatically for web-based applications. Our goal is to support the validation of implemented access control policies, even when they have not been clearly specified or documented. We use role-based access control as a reference model. Built on top of a suite of security tools, our approach automatically exercises a system under test and builds access spaces for a set of known users and roles. Then, we apply a machine learning technique to infer access rules. Inconsistent rules are then analysed and fed back to the process for further testing and improvement. Finally, the inferred rules can be validated based on pre-specified rules if they exist. Otherwise, the inferred rules are presented to human experts for validation and for detecting access control issues. We have evaluated our approach on two applications; one is open source while the other is a proprietary system built by our industry partner. The obtained results are very promising in terms of the quality of inferred rules and the access control vulnerabilities it helped detect.","PeriodicalId":305802,"journal":{"name":"Proceedings of the 20th ACM Symposium on Access Control Models and Technologies","volume":"172 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128077762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信