Fatih Türkmen scite author profile

Abstract. The eXtensible Access Control Markup Language (XACML) is an extensible and flexible XML language for the specification of access control policies. However, the richness and flexibility of the language (along with the verbose syntax of XML) come with a price: errors are easy to make and difficult to detect when policies grow in size. If these errors are not detected and rectified, they can result in serious data leakage and/or privacy violations leading to significant legal and financial consequences. To assist policy authors in the analysis of their policies, several policy analysis tools have been proposed based on different underlying formalisms. However, most of these tools either abstract away functions over non-Boolean domains (hence they cannot provide information about them) or produce very large encodings which hinder the performance. In this paper, we present a generic policy analysis framework that employs SMT as the underlying reasoning mechanism. The use of SMT does not only allow more fine-grained analysis of policies but also improves the performance. We demonstrate that a wide range of security properties proposed in the literature can be easily modeled within the framework. A prototype implementation and its evaluation are also provided.

show abstract

Benchmarking UAQ Solvers

Armando

Gazzarata

Türkmen

2020

View full text Add to dashboard Cite

show abstract

Efficient run-time solving of RBAC user authorization queries

Armando

Ranise

Türkmen

et al. 2012

View full text Add to dashboard Cite

The User Authorization Query (UAQ) Problem for RoleBased Access Control (RBAC) amounts to determining a set of roles to be activated in a given session in order to achieve some permissions while satisfying a collection of authorization constraints governing the activation of roles. Techniques ranging from greedy algorithms to reduction to (variants of) the propositional satisfiability (SAT) problem have been used to tackle the UAQ problem. Unfortunately, available techniques suffer two major limitations that seem to question their practical usability. On the one hand, authorization constraints over multiple sessions or histories are not considered. On the other hand, the experimental evaluations of the various techniques are not satisfactory since they do not seem to scale to larger RBAC policies.In this paper, we describe a SAT-based technique to solve the UAQ problem which overcomes these limitations. First, we show how authorization constraints over multiple sessions and histories can be supported. Second, we carefully tune the reduction to the SAT problem so that most of the clauses need not to be generated at run-time but only in a pre-processing step. Finally, we present an extensive experimental evaluation of an implementation of our techniques on a significant set of UAQ problem instances that show the practical viability of our approach; e.g., problems with 300 roles are solved in less than a second.

show abstract

Formal analysis of XACML policies using SMT

Türkmen

Hartog

Ranise

et al. 2017

Computers & Security

View full text Add to dashboard Cite

Privacy-preserving logistic regression with secret sharing

Ghavamipour

Türkmen

Jian

2022

BMC Med Inform Decis Mak

View full text Add to dashboard Cite

Background Logistic regression (LR) is a widely used classification method for modeling binary outcomes in many medical data classification tasks. Researchers that collect and combine datasets from various data custodians and jurisdictions can greatly benefit from the increased statistical power to support their analysis goals. However, combining data from different sources creates serious privacy concerns that need to be addressed. Methods In this paper, we propose two privacy-preserving protocols for performing logistic regression with the Newton–Raphson method in the estimation of parameters. Our proposals are based on secure Multi-Party Computation (MPC) and tailored to the honest majority and dishonest majority security settings. Results The proposed protocols are evaluated against both synthetic and real-world datasets in terms of efficiency and accuracy, and a comparison is made with the ordinary logistic regression. The experimental results demonstrate that the proposed protocols are highly efficient and accurate. Conclusions Our work introduces two iterative algorithms to enable the distributed training of a logistic regression model in a privacy-preserving manner. The implementation results show that our algorithms can handle large datasets from multiple sources.

show abstract

Anomaly analysis for Physical Access Control security configuration

Fitzgerald

Türkmen

Foley

et al. 2012

View full text Add to dashboard Cite

Abstract-Physical Access Controls, such as supervised doors, surveillance cameras and alarms, act as important points of demarcation between physical zones (areas/rooms) of different levels of trust. They do so by controlling personnel flow to and from areas in accordance with the enterprise security policy. A significant challenge in providing physical access control for (restricted) areas is attaining a degree of confidence that a Physical Access Control security configuration adequately addresses the threats. A misconfiguration may result in a threat of unapproved personnel access or the denial of approved personnel access to a restricted zone. In practice, Physical Access Control security configurations typically span multiple zones, involve many users and run to many thousands of access-control rules, and such complexity may increase the likelihood of misconfiguration. In this paper, a formal model for Physical Access Control security configurations is presented. This model, implemented in SAT, captures a number of unique anomalies specific to Physical Access Control domain. A preliminary set of experiments that evaluate our approach is presented.

show abstract

CYCLONE: The Multi-cloud Middleware Stack for Application Deployment and Management

Slawik¹,

Blanchet

Demchenko

et al. 2017

View full text Add to dashboard Cite

DevOps teams have to consider many technology and platform aspects when developing, deploying and operating cloud based applications: application deployments need to work everywhere on different cloud platforms, identities need to come from anywhere, and networks need to connect to anyone. The CYCLONE middleware is a holistic middleware stack that allows deploying and managing cloud based applications on multiple clouds and multiple cloud platforms. It includes a deployment manager, a practical identity federation, as well as a network manager that connects VMs independent of any specific infrastructure. This article explains the CYCLONE middleware stack, and what it can offer for application developers and operators. The paper describes in details the main bioinformatics use cases that evolve from a single VM installation for simple microbial research to multicloud infrastructure for advanced genomic resource. The paper also describes the CYCLONE federated identity management and access control infrastructure that significantly simplifies access for institutional users.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Fatih Türkmen

Performance evaluation of XACML PDP implementations

Analysis of XACML Policies with SMT

Benchmarking UAQ Solvers

Efficient run-time solving of RBAC user authorization queries

Formal analysis of XACML policies using SMT

Privacy-preserving logistic regression with secret sharing

Anomaly analysis for Physical Access Control security configuration

CYCLONE: The Multi-cloud Middleware Stack for Application Deployment and Management

Contact Info

Product

Resources

About