Inference Rules for Determined Decisions in Policy-Based ABAC Enforcement Systems
Authors: Bach-Hue Pham, Toan-Thinh Truong, Minh Tran
Published in: 2023 7th International Conference on Cryptography, Security and Privacy (CSP)
Publication date: 2023-04-01
DOI: 10.1109/CSP58884.2023.00027 (https://doi.org/10.1109/CSP58884.2023.00027)
The attribute-based access control (ABAC) model manages access to resources through policies. An incoming request must satisfy some policy to be permitted to execute. Policies and requests are built from attributes, which are the basic elements of the four components of each: Subject, Environment, Resource and Action. In the XACML standard, the response to a given request is one of the following values: Permit, Deny, Not Applicable and Indeterminate. The last two values are not decisive and bring no value to the requesters. In this article we focus on requests that receive Not Applicable. Existing studies address these either by modifying the policies individually or by rewriting the request so that it reduces the resource from the original one. We theoretically introduce inference rules that are applied to the policy set to compute its closure, in order to evaluate whether the request receives a firm decision of permit or deny. Our proposals guide security administrators in building a policy set that satisfies an important property called completeness: the ability to give determined responses to all possible legal requests in the real world. In addition, we identify other necessary properties of the policy set and suggest algorithms for ensuring some of them.