Verification and enforcement of access control policies

被引:0
作者
Antonio Cau
Helge Janicke
Ben Moszkowski
机构
[1] De Montfort University,Software Technology Research Laboratory
来源
Formal Methods in System Design | 2013年 / 43卷
关键词
Access control policy; Policy enforcement; Policy verification; Binary decision diagram;
D O I
暂无
中图分类号
学科分类号
摘要
Access control mechanisms protect critical resources of systems from unauthorized access. In a policy-based management approach, administrators define user privileges as rules that determine the conditions and the extent of users’ access rights. As rules become more complex, analytical skills are required to identify conflicts and interactions within the rules that comprise a system policy—especially when rules are stateful and depend on event histories. Without adequate tool support such an analysis is error-prone and expensive. In consequence, many policy specifications are inconsistent or conflicting that render the system insecure. The security of the system, however, does not only depend on the correct specification of the security policy, but in a large part also on the correct interpretation of those rules by the system’s enforcement mechanism.
引用
收藏
页码:450 / 492
页数:42
相关论文
共 50 条
  • [41] BlueSky: Physical Access Control: Characteristics, Challenges, and Research Opportunities
    Masoumzadeh, Amirreza
    van der Laan, Hans
    Dercksen, Albert
    PROCEEDINGS OF THE 27TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2022, 2022, : 163 - 172
  • [42] Access control in collaborative commerce
    Li, Eldon Y.
    Du, Timon C.
    Wong, Jacqueline W.
    DECISION SUPPORT SYSTEMS, 2007, 43 (02) : 675 - 685
  • [43] Context-driven Policies Enforcement for Edge-based IoT Data Sharing-as-a-Service
    Huu-Ha Nguyen
    Phung, Phu H.
    Nguyen, Phu H.
    Hong-Linh Truong
    2022 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (IEEE SCC 2022), 2022, : 221 - 230
  • [44] Managing Data Access on Clouds: A Generic Framework for Enforcing Security Policies
    Basescu, Cristina
    Leordeanu, Catalin
    Costan, Alexandru
    Carpen-Amarie, Alexandra
    Antoniu, Gabriel
    25TH IEEE INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA 2011), 2011, : 459 - 466
  • [45] A Virtual Machine Based Information Flow Control System for Policy Enforcement
    Naira, Srijith K.
    Simpson, Patrick N. D.
    Crispo, Bruno
    Tanenbaum, Andrew S.
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2008, 197 (01) : 3 - 16
  • [46] Access control model with provisional actions
    Kudo, M
    Hada, S
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2001, E84A (01) : 295 - 302
  • [47] On the Unification of Access Control and Data Services
    Ferraiolo, David
    Gavrila, Serban
    Jansen, Wayne
    2014 IEEE 15TH INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION (IRI), 2014, : 450 - 457
  • [48] Interactive Graphical Access Control Tools
    Fernandez, Rachael
    Cheng, Peter
    Smith, Ben
    Fenton, Tania
    Boraey, Yehia
    Nhlabatsi, Armstrong
    Khan, Khaled
    Fetais, Noora
    2023 IEEE SYMPOSIUM ON VISUAL LANGUAGES AND HUMAN-CENTRIC COMPUTING, VL/HCC, 2023, : 255 - 259
  • [49] Policy enforcement system for secure interoperable control in distributed Smart Grid systems
    Alcaraz, Cristina
    Lopez, Javier
    Wolthusen, Stephen
    JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 2016, 59 : 301 - 314
  • [50] Enforcing Location-based Access Policies Using the Existing IEEE 802.11 Infrastructure
    Alamleh, Hosam
    AlQahtani, Ali Abdullah S.
    2020 11TH IEEE ANNUAL UBIQUITOUS COMPUTING, ELECTRONICS & MOBILE COMMUNICATION CONFERENCE (UEMCON), 2020, : 727 - 731
12345