Current firewall configuration languages have no well founded semantics. Each firewall implements its own algorithm that parses specific proprietary languages. The main consequence is that network access control policies are difficult to manage and most firewalls are actually wrongly configured. In this paper, we present an access control language based on XML syntax whose semantics is interpreted in the access control model Or-BAC (Organization Based Access Control). We show how to use this language to specify high-level network access control policies and then to automatically derive concrete access control rules to configure specific firewalls through a translation process. Our approach provides clear semantics to network security policy specification, makes management of such policy easier for the administrator and guarantees portability between lirewalls.
As computer infrastructures become more complex, security models must provide means to handle more flexible and dynamic requirements. In the Organization Based Access Control (OrBAC) model, it is possible to express such requirements using the notion of context. In OrBAC, each security rule (permission, prohibition, obligation or dispensation) only applies in a given context. A context is viewed as an extra condition that must be satisfied to activate a given security rule. In this paper, we present a taxonomy of different types of context and investigate the data the information system must manage in order to deal with these different contexts. We then explain how to model and evaluate them in the OrBAC model.
Specifying a security policy that includes both permissions and prohibitions, may lead to conflicts. This corresponds to a situation where a subject is both permitted and prohibited to perform a given action on a given object. We adopt a comparative approach to investigate this problem. We first investigate access control models based on rules, called Rule-BAC, and present weaknesses that arise when we try to manage conflicts in this model. In particular, Rule-BAC models fail to provide decidable solution to redundant rules and potential conflicts problems. Then, we show how a more structured model, say OR-BAC (Organization Based Access Control), gifted with inheritance mechanism make redundant rules and potential conflict problems tractable in polynomial time.
Information systems security issues are currently being addressed using different techniques, such as authentication, encryption and access control, through the definition of security policies, but also using monitoring techniques, in particular intrusion detection systems. We can observe that security monitoring is currently totally decorrelated from security policies, that is security requirements are not linked with the means used to control their fulfillment. Most of the time, security operators have to analyze monitoring results and manually react to provide countermeasures to threats compromising the security policy. The response process is far from trivial, since it both relies on the relevance of the threat analysis and on the adequacy of the selected countermeasures. In this paper, we present an approach aiming at connecting monitoring techniques with security policy management in order to provide response to threat. We propose an architecture allowing to dynamically and automatically deploy a generic security policy into concrete policy instances taking into account the threat level characterized thanks to intrusion detection systems. Such an approach provides means to bridge the gap between existing detection approaches and new requirements, which clearly deal with the development of intrusion prevention systems, enabling a better protection of the resources and services.
Modelling security policies requires means to specify permissions and prohibitions. However, this is generally not sufficient to express security properties such as availability and obligations must be also considered. By contrast to permissions and prohibitions, obligations are often associated with deadlines to specify bounded time availability requirements. In this case, a violation only occurs if the obliged action is not performed before the deadline. On the other hand, when specifying high level security policies, it is convenient to consider abstract non atomic actions. Since most access control mechanisms only deal with atomic actions such as read or write, these non atomic actions must be decomposed into more basic ones. In this paper, we define a formal security model called Nomad to express privileges on non atomic actions. This model combines deontic and temporal logics. In Nomad, we model conditional privileges and obligations with deadlines. We also formally analyze how privileges on non atomic actions can be decomposed into more basic privileges on elementary actions.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.