Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies最新文献

{"title":"Game theoretic analysis of multiparty access control in online social networks","authors":"Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, Dejun Yang","doi":"10.1145/2613087.2613097","DOIUrl":"https://doi.org/10.1145/2613087.2613097","url":null,"abstract":"Existing online social networks (OSNs) only allow a single user to restrict access to her/his data but cannot provide any mechanism to enforce privacy concerns over data associated with multiple users. This situation leaves privacy conflicts largely unresolved and leads to the potential disclosure of users' sensitive information. To address such an issue, a MultiParty Access Control (MPAC) model was recently proposed, including a systematic approach to identify and resolve privacy conflicts for collaborative data sharing in OSNs. In this paper, we take another step to further study the problem of analyzing the strategic behavior of rational controllers in multiparty access control, where each controller aims to maximize her/his own benefit by adjusting her/his privacy setting in collaborative data sharing in OSNs. We first formulate this problem as a multiparty control game and show the existence of unique Nash Equilibrium (NE) which is critical because at an NE, no controller has any incentive to change her/his privacy setting. We then present algorithms to compute the NE and prove that the system can converge to the NE in only a few iterations. A numerical analysis is also provided for different scenarios that illustrate the interplay of controllers in the multiparty control game. In addition, we conduct user studies of the multiparty control game to explore the gap between game theoretic approaches and real human behaviors.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"39 1","pages":"93-102"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87569835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Scalable and precise automated analysis of administrative temporal role-based access control","authors":"Silvio Ranise, A. Truong, A. Armando","doi":"10.1145/2613087.2613102","DOIUrl":"https://doi.org/10.1145/2613087.2613102","url":null,"abstract":"Extensions of Role-Based Access Control (RBAC) policies taking into account contextual information (such as time and space) are increasingly being adopted in real-world applications. Their administration is complex since they must satisfy rapidly evolving needs. For this reason, automated techniques to identify unsafe sequences of administrative actions (i.e. actions generating policies by which a user can acquire permissions that may compromise some security goals) are fundamental tools in the administrator's tool-kit. In this paper, we propose a precise and scalable automated analysis technique for the safety of administrative temporal RBAC policies. Our approach is to translate safety problems for this kind of policy to (decidable) reachability problems of a certain class of symbolic transition systems. The correctness of the translation allows us to design a precise analysis technique for the safety of administrative RBAC policies with a finite but unknown number of users. For scalability, we present a heuristics that allows us to reduce the set of administrative actions without losing the precision of the analysis. An extensive experimental analysis confirms the scalability and precision of the approach also in comparison with a recent analysis technique developed for the same class of temporal RBAC policies.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"1 1","pages":"103-114"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89737572","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Access control models for geo-social computing systems","authors":"Ebrahim Tarameshloo, Philip W. L. Fong","doi":"10.1145/2613087.2613098","DOIUrl":"https://doi.org/10.1145/2613087.2613098","url":null,"abstract":"A Geo-Social Computing System (GSCS) allows users to declare their current locations, and uses these declared locations to make authorization decisions. Recent years have seen the emergence of a new generation of social computing systems that are GSCSs. This paper proposes a protection model for GSCSs. The protection system tracks the current locations of users and a knowledge base of primitive spatial relations between locations. Access control policies can be formulated by the composition of primitive spatial relations. The model is extended to account for Geo-Social Network Systems (GSNSs), which track both a spatial knowledge base and a social network. A policy language for GSNSs is proposed for specifying policies that combine both social and spatial constraints.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"44 1","pages":"115-126"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89635219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A system for risk awareness during role mining","authors":"Sharmin Ahmed, Sylvia L. Osborn","doi":"10.1145/2613087.2613095","DOIUrl":"https://doi.org/10.1145/2613087.2613095","url":null,"abstract":"This paper demonstrates a proof-of-concept prototype that is able to automatically and effectively detect and report different types of risk factors during the process of role mining. A role mining platform is embedded within the tool so that different role-mining algorithms can be used. Once roles are generated, a further analysis is done to detect risk presented by the roles output. To the best of our knowledge there is no such system that effectively detects risk factors and mines roles at the same time. The tool is easy to use, flexible and effective in automatically detecting risk. It can be useful for data analysts and role engineers.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"12 1","pages":"181-184"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78345938","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Anomaly detection and visualization in generative RBAC models","authors":"Maria Leitner, S. Rinderle-Ma","doi":"10.1145/2613087.2613105","DOIUrl":"https://doi.org/10.1145/2613087.2613105","url":null,"abstract":"With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"19 1","pages":"41-52"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72725880","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Re-thinking networked privacy, security, identity and access control in our surveillance states","authors":"A. Clement","doi":"10.1145/2613087.2613089","DOIUrl":"https://doi.org/10.1145/2613087.2613089","url":null,"abstract":"Mass surveillance activities by the security agencies of the Five Eyes countries (e.g. NSA, CSEC, etc) pose a significant challenge to those who care about the privacy, security and other democratic rights related to our burgeoning digitally mediated communications. The on-going media coverage of the Snowden documents has brought unprecedented attention to longstanding concerns about whether and how individuals can exercise effective control over their personal information as we increasingly lead our lives on-line. The revelations are also undermining comfortable assumptions about the institutions and infrastructures we depend on for the efficient and equitable functioning of a democratic society. We've seen agencies mandated to protect our networks compromise once trusted security standards, and secretly hoard vulnerabilities for later exploitation rather than fix them. We are witnesses to government and their corporate partners secretly accessing massive amounts of our data, and grudgingly acknowledge their activities only when forced to by whistleblowers. How can we restore trust in the organizations we interact with and hand our personal data to on a daily basis? How can we require them to be more open, transparent and accountable? What are the technically viable options that can help achieve the reliable protections that many regard as fundamental and wish they could take for granted?\u0000 Drawing on recent research, this talk will review some of the key surveillance challenges we face in the areas of internet routing and identity authentication. The IXmaps.ca project provides a mapping tool for visualizing the routes data packets take across the internet backbone, and in particular where one's own traffic may be subject to NSA interception at key internet routing choke points. It further documents patterns of \"boomerang routing\", whereby domestic Canadian traffic is often routed via the US, exposing it to foreign surveillance, and compares the data privacy transparency of the various carriers which handle this traffic en route.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"52 1","pages":"185-186"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82257094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sorting out role based access control","authors":"W. Kuijper, Victor Ermolaev","doi":"10.1145/2613087.2613101","DOIUrl":"https://doi.org/10.1145/2613087.2613101","url":null,"abstract":"Role-based access control (RBAC) is a popular framework for modelling access control rules. In this paper we identify a fragment of RBAC called bi-sorted role based access control (RBAC). We start from the observation that \"classic\" RBAC blends together subject management aspects and permission management aspects into a single object of indirection: a role. We posit there is merit in distinguishing these administrative perspectives and consequently introducing two distinct objects of indirection: the proper role (which applies solely to subjects) and the demarcation (which applies solely to permissions). We then identify a third administrative perspective called access management where the two are linked up. In this way we enhance organisational scalability by decoupling the tasks of maintaining abstractions over the set of subjects (assignment of subjects into proper roles), maintaining abstractions over the set of permissions (assignment of permissions into demarcations), and maintaining abstract access control policy (granting proper roles access to demarcations). Moreover, the latter conceptual refinement naturally leads us to the introduction of negative roles (and, dually, negative demarcations). The relevance of the four-sorted extension called polarized, bi-sorted role based access control (RpmBAC), in a semantic sense, is further supported by the existence of Galois connections between sets of subjects and permissions and between positive and negative roles.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"95 1","pages":"63-74"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79236715","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"User-centric identity as a service-architecture for eIDs with selective attribute disclosure","authors":"Daniel Slamanig, Klaus Stranacher, Bernd Zwattendorfer","doi":"10.1145/2613087.2613093","DOIUrl":"https://doi.org/10.1145/2613087.2613093","url":null,"abstract":"Unique identification and secure authentication of users are essential processes in numerous security-critical areas such as e-Government, e-Banking, or e-Business. Therefore, many countries (particularly in Europe) have implemented national eID solutions within the past years. Such implementations are typically based on smart cards holding some certified collection of citizen attributes and hence follow a client-side and user-centric approach. However, most of the implementations only support all-or-nothing disclosure of citizen attributes and thus do not allow privacy-friendly selective disclosure of attributes. Consequently, the complete identity of the citizen (all attributes) are always revealed to identity providers and/or service providers, respectively. In this paper, we propose a novel user-centric identification and authentication model for eIDs, which supports selective attribute disclosure but only requires minimal changes in the existing eID architecture. In addition, our approach allows service providers to keep their infrastructure nearly untouched. Latter is often an inhibitor for the use of privacy-preserving cryptography like anonymous credentials in such architectures. Furthermore, our model can easily be deployed in the public cloud as we do not require full trust in identity providers. This fully features the Identity as a Service-paradigm while at the same time preserves citizens' privacy. We demonstrate the applicability of our model by adopting to the Austrian eID system to our approach.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"101 1","pages":"153-164"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74359358","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A bodyguard of lies: the use of honey objects in information security","authors":"A. Juels","doi":"10.1145/2613087.2613088","DOIUrl":"https://doi.org/10.1145/2613087.2613088","url":null,"abstract":"Decoy objects, often labeled in computer security with the term honey, are a powerful tool for compromise detection and mitigation. There has been little exploration of overarching theories or set of principles or properties, however. This short paper (and accompanying keynote talk) briefly explore two properties of honey systems, indistinguishability and secrecy. The aim is to illuminate a broad design space that might encompass a wide array of areas in information security, including access control, the main topic of this symposium.\u0000 Dr. Ari Juels is a roving chief scientist specializing in computer security.\u0000 He was Chief Scientist of RSA (The Security Division of EMC), Director of RSA Laboratories, and a Distinguished Engineer at EMC, where he worked until September 2013. He joined RSA in 1996 after receiving his Ph.D. in computer science from U.C. Berkeley.\u0000 His recent areas of interest include \"big data\" security analytics, cybersecurity, cloud security, user authentication, privacy, medical-device security, biometric security, and RFID / NFC security. As an industry scientist, Dr. Juels has helped incubate innovative new product features and products and advised on the science behind security-industry strategy. He is also a frequent public speaker, and has published highly cited scientific papers on many topics in computer security.\u0000 In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Computerworld honored him in its \"40 Under 40\" list of young industry leaders in 2007. He has received other distinctions, but sadly no recent ones acknowledging his youth.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"76 1","pages":"1-4"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85561822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reduction of access control decisions","authors":"C. Morisset, Nicola Zannone","doi":"10.1145/2613087.2613106","DOIUrl":"https://doi.org/10.1145/2613087.2613106","url":null,"abstract":"Access control has been proposed as \"the\" solution to prevent unauthorized accesses to sensitive system resources. Historically, access control models use a two-valued decision set to indicate whether an access should be granted or denied. Many access control models have extended the two-valued decision set to indicate, for instance, whether a policy is applicable to an access query or an error occurred during policy evaluation. Decision sets are often coupled with operators for combining decisions from multiple applicable policies. Although a larger decision set is more expressive, it may be necessary to reduce it to a smaller set in order to simplify the complexity of decision making or enable comparison between access control models. Moreover, some access control mechanisms like XACML~v3 uses more than one decision set. The projection from one decision set to the other may result in a loss of accuracy, which can affect the final access decision. In this paper, we present a formal framework for the analysis and comparison of decision sets centered on the notion of decision reduction. In particular, we introduce the notion of safe reduction, which ensures that a reduction can be performed at any level of policy composition without changing the final decision. We demonstrate the framework by analyzing XACML v3 against the notion of safe reduction. From this analysis, we draw guidelines for the selection of the minimal decision set with respect to a given set of combining operators.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"85 1","pages":"53-62"},"PeriodicalIF":0.0,"publicationDate":"2014-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89618321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}